Yearn Finance Hit by Major yETH Exploit as Attacker Drains Funds

Yearn Finance confirmed a major exploit affecting its yETH product on Sunday, November 30th, stemming from an infinite-mint vulnerability in the yETH token contract, not the main Vault infrastructure. An attacker created approximately 235 trillion yETH and used these tokens to drain real assets, primarily ETH and Liquid Staking Tokens (LSTs), from Balancer liquidity pools, resulting in estimated losses of $2.8 million. Roughly 1,000 ETH was subsequently laundered through Tornado Cash, utilizing self-destructing helper contracts to obscure the trail. Yearn confirmed that its V2 and V3 Vaults remained unaffected, keeping the Total Value Locked (TVL) above $600 million. Paradoxically, the YFI token price spiked sharply shortly after the news broke due to market misinterpretation, leading short-sellers to cover their positions, causing a brief short squeeze amplified by YFI's low circulating supply of only 33,984 tokens.

(Source：BeInCrypto)