TLDR
- Yearn Finance’s yETH product was exploited through an unlimited minting attack that drained liquidity from Balancer pools on November 30, 2025
- The attacker created approximately 235 trillion yETH tokens in one transaction and stole around $2.8-3 million worth of ETH
- About 1,000 ETH was laundered through Tornado Cash mixer after the exploit
- Yearn confirmed V2 and V3 Vaults were not affected and remain secure, with total value locked staying above $600 million
- YFI token price spiked from $4,080 to over $4,160 after the exploit due to a short squeeze from traders misinterpreting the attack’s scope
Yearn Finance confirmed an active exploit targeting its yETH product on Sunday after an attacker executed an unlimited token minting attack. The incident occurred around 21:11 UTC on November 30, 2025.
We are investigating an incident involving the yETH LST stableswap pool.
Yearn Vaults (both V2 and V3) are not affected.
— yearn (@yearnfi) November 30, 2025
Blockchain data shows the attacker minted approximately 235 trillion yETH tokens in a single transaction. The malicious wallet then used these tokens to drain real assets from Balancer liquidity pools.
The exploit specifically targeted yETH, an index token consisting of various Ethereum Liquid Staking Derivatives. The attacker removed primarily ETH and liquid staking tokens from the affected pools.
#PeckShieldAlert Yearn Finance @yearnfi suffered an attack resulting in a total loss of ~$9M.
The exploit involved minting a near-infinite number of yETH tokens, depleting the pool in a single transaction.
~1K $ETH (worth ~$3M) was sent to #TornadoCash, while the exploiter's…
— PeckShieldAlert (@PeckShieldAlert) December 1, 2025
Early estimates suggest the attacker profited around 1,000 ETH, worth approximately $2.8 to $3 million. The stolen funds were quickly routed through Tornado Cash, a cryptocurrency mixer used to obscure transaction trails.
Nansen’s alert system confirmed the attack as an infinite-mint vulnerability in the yETH token contract. The vulnerability did not affect Yearn’s main Vault infrastructure.
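A supply-growth monitor is one way a defender could catch a mint of this scale as it lands. The sketch below is an added example, not code from Yearn, Nansen or PeckShield: it assumes standard ERC-20 `Transfer` events, an 18-decimal token and a 10% per-transaction growth threshold. The addresses, transaction hashes and starting supply are constructed; only the 235 trillion figure comes from the article.

```python
from dataclasses import dataclass

ZERO = "0x" + "00" * 20   # ERC-20 mints/burns are Transfers from/to the zero address
UNIT = 10**18             # assumption: 18-decimal token

@dataclass(frozen=True)
class Transfer:
    tx: str
    token: str
    sender: str
    recipient: str
    amount: int           # raw token units

def flag_mint_anomalies(events, supply_before, max_growth_bps=1000):
    """Alert on any transaction whose net mint exceeds max_growth_bps
    (basis points) of the token's supply just before that transaction."""
    net = {}                                  # (tx, token) -> net minted, in event order
    for e in events:
        if e.token not in supply_before:
            continue                          # only monitored tokens
        key = (e.tx, e.token)
        net.setdefault(key, 0)
        if e.sender == ZERO:
            net[key] += e.amount
        if e.recipient == ZERO:
            net[key] -= e.amount
    supply, alerts = dict(supply_before), []
    for (tx, token), minted in net.items():
        base = supply[token]
        # Integer maths only: raw token amounts exceed float precision.
        if minted > 0 and minted * 10_000 > base * max_growth_bps:
            alerts.append({"tx": tx, "token": token,
                           "minted": minted, "supply_before": base})
        supply[token] = base + minted
    return alerts

# Constructed sample data: placeholder token address, hashes and supply figures.
TOKEN = "0x" + "aa" * 20
USER, POOL = "0x" + "01" * 20, "0x" + "02" * 20
SAMPLE_SUPPLY = {TOKEN: 3_000 * UNIT}
SAMPLE_EVENTS = [
    Transfer("0xtx1", TOKEN, ZERO, USER, 50 * UNIT),            # ordinary deposit
    Transfer("0xtx2", TOKEN, ZERO, USER, 400 * UNIT),           # mint and burn in one tx:
    Transfer("0xtx2", TOKEN, USER, ZERO, 390 * UNIT),           # net +10, under threshold
    Transfer("0xtx3", TOKEN, ZERO, USER, 235 * 10**12 * UNIT),  # mint at the article's scale
    Transfer("0xtx3", TOKEN, USER, POOL, 235 * 10**12 * UNIT),  # then moved into a pool
]
```

Netting mints against burns per transaction keeps ordinary mint-and-redeem flows from alerting, while a zero starting supply makes any mint on a monitored token alert.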
Yearn Vaults Remain Secure as Investigation Continues
Yearn Finance issued a statement confirming that its V2 and V3 Vaults remain secure and unaffected by the exploit. The vulnerability appears limited to the legacy yETH implementation.
The protocol’s Total Value Locked remains above $600 million, according to CoinGecko data. This suggests the core systems were not compromised during the attack.
The exploit involved several newly deployed smart contracts that self-destructed after the transaction. These helper contracts were deployed minutes before the incident to obscure the attacker’s trail.
Prior to the attack, the yETH pool had a total value around $11 million, according to Dexscreener data. The total financial losses remain under investigation.
The incident marks another security breach for Yearn Finance, which suffered a hack in 2021 affecting its yDAI vault. That attack resulted in $11 million in losses, with the hacker taking $2.8 million.
YFI Token Shows Unexpected Price Spike
YFI’s price spiked sharply following the exploit, climbing from near $4,080 to over $4,160 within an hour. The move came despite negative headlines surrounding the security breach.
Market analysts attribute the price spike to a short squeeze. Initial reports of a “Yearn exploit” prompted traders to open short positions on YFI.
When traders learned the attack was isolated to yETH and not Yearn’s main Vaults, short-sellers began covering positions. This triggered rapid buying pressure and volatility-driven price movement.
YFI’s circulating supply stands at only 33,984 tokens, making it one of the most illiquid major DeFi governance assets. This structure amplifies price movements during periods of uncertainty.
Derivatives data showed elevated funding volatility immediately after the exploit alert. For now, losses appear contained to the yETH and Balancer pools touched by the exploit.




