Yearn Finance has published a detailed post-mortem on last week’s yETH exploit, explaining how a numerical flaw in one of its older stableswap pools let an attacker mint an almost unlimited amount of LP tokens and steal about $9M in assets.
The DeFi platform said it has already recovered part of the stolen funds.
In the report, Yearn said the attack hit the yETH weighted stableswap pool at block 23,914,086 on November 30, 2025.
Which Yearn Products Were Affected and Which Stayed Safe?
The breach followed what the team described as “a complex sequence of operations” that pushed the pool’s internal solver into a divergent state and then triggered an arithmetic underflow.
Yearn noted that its v2 and v3 vaults, along with the rest of its products, “weren’t affected.” The impact stayed limited to yETH and the systems tied to it.
The attacker targeted a custom stableswap pool that held several liquid staking tokens: apxETH, sfrxETH, wstETH, cbETH, rETH, ETHx, mETH, and wOETH, as well as a yETH/WETH Curve pool.
According to Yearn’s asset snapshot, the pools held a mix of LSTs and 298.35 WETH before the exploit occurred.
Yearn’s post-mortem breaks the attack into three clear steps.
In the first stage, the attacker used a series of imbalanced add_liquidity deposits that pushed the pool’s fixed-point solver into a state it wasn’t built to handle.
That move caused the internal product term, Π, to fall to zero. Once that happened, the weighted-stableswap invariant failed, allowing the attacker to mint far more yETH LP tokens than the value they had actually deposited.
With those inflated LP tokens in hand, the attacker moved to the next phase.
They repeatedly called remove_liquidity and related functions, pulling out almost all of the LST liquidity. Most of the loss shifted onto protocol-owned liquidity inside the staking contract.
What Funds Has Yearn Recovered So Far, and Who Will Receive Them?
According to Yearn, this sequence drove the pool’s internal supply to zero even though ERC-20 balances still showed tokens in the contract.
In the final step, the attacker slipped into a “bootstrap” initialization path that was only intended for the pool’s first launch.
By sending a crafted dust-level configuration that broke a key domain rule, they triggered an unsafe subtraction. That underflow created a massive batch of new yETH LP tokens and completed the exploit.
Yearn said the underflow was so severe that it created what the team called an “infinite-mint.” The attacker used this flaw to drain the yETH/ETH Curve pool.
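As an added illustration (not code from Yearn’s report or contracts), the Python model below shows the two conditions the post-mortem describes in the final step: a bootstrap path that becomes reachable again once internal supply returns to zero, and an unchecked subtraction that wraps on underflow. The `Pool` class, the `correction` term standing in for the violated domain rule, and all values are constructed assumptions.

```python
# Simplified model with constructed values; not Yearn's contract code.
UINT256 = 2**256

class Revert(Exception):
    """Stands in for an EVM revert."""

def unsafe_sub(a, b):
    # Unchecked uint256 subtraction: wraps modulo 2**256 on underflow.
    return (a - b) % UINT256

def checked_sub(a, b):
    # Checked uint256 subtraction: reverts instead of wrapping.
    if b > a:
        raise Revert("underflow")
    return a - b

class Pool:
    def __init__(self, hardened):
        self.hardened = hardened
        self.supply = 0            # internal LP supply tracked by the pool
        self.initialized = False   # one-shot flag used by the hardened gate

    def bootstrap_mint(self, deposit_sum, correction):
        # `correction` is a hypothetical solver term; the assumed domain
        # rule is correction <= deposit_sum.
        # Weak gate: "supply == 0" becomes true again after a full drain.
        # Hardened gate: bootstrap runs exactly once per pool lifetime.
        allowed = (not self.initialized) if self.hardened else self.supply == 0
        if not allowed:
            raise Revert("bootstrap path closed")
        sub = checked_sub if self.hardened else unsafe_sub
        minted = sub(deposit_sum, correction)
        self.supply += minted
        self.initialized = True
        return minted

    def drain(self):
        self.supply = 0  # models internal supply being driven back to zero

def replay(hardened):
    pool = Pool(hardened)
    pool.bootstrap_mint(1000, 0)            # legitimate first launch
    pool.drain()
    try:
        return pool.bootstrap_mint(16, 17)  # dust input breaking the rule
    except Revert as exc:
        return str(exc)
```

Either guard alone stops the second mint in this model: the one-shot flag closes the path, and `checked_sub` reverts if the path is reached anyway.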
The project said it has recovered 857.49 pxETH so far with help from the Plume and Dinero teams. A recovery transaction took place on Dec. 1.
Yearn plans to return the recovered assets to yETH depositors on a pro-rata basis, using balances from right before the exploit. Any further recoveries, whether from cooperation by the attacker or from new tracing efforts, will also go to depositors. The timeline released by Yearn shows that a war room was formed about 20 minutes after the breach.
The SEAL 911 response group joined soon after. Investigators say the attacker sent 1,000 ETH to Tornado Cash later that night, and moved the remaining funds through the mixer on Dec. 5.
Earlier reporting from The Block said roughly $3M in ETH moved through Tornado Cash in the hours after the attack.
The post-mortem also reminds users that YIP-72 governs yETH. It points to the product’s “Use at Own Risk” clause, which states that Yearn contributors and YFI governance are not responsible for covering losses.
The report says any recovered funds will return to affected users.







