Yearn Finance Confirms $9 Million Loss After Unauthorized YETH Minting Incident

An attacker exploited a legacy yETH contract and drained nearly $9 million across two liquidity pools.

About $3 million in stolen ETH moved through Tornado Cash, while $6 million remains in the attacker’s wallet.

Yearn Finance confirmed the issue affected only the legacy product as investigations continue without a recovery plan announced.

Yearn Finance reported a major security incident after an attacker gained access to a custom pool and created an unlimited volume of yETH tokens. The event caused nearly $9 million in losses and prompted immediate investigation efforts. The platform stated that the issue involved a legacy product and did not affect active vaults. The breach triggered new scrutiny across the decentralized finance sector as investigators tracked the movement of stolen assets.

Unauthorized Token Creation Enables Large Asset Drain

The event occurred on November 30 at 21:11 UTC when an attacker targeted a contract linked to Yearn’s yETH token. Investigators stated that the contract used a unique design that differed from the platform’s main offerings. This design created an opening that allowed the attacker to mint yETH tokens far beyond intended limits. The oversized mint then enabled direct withdrawals from connected liquidity pools.

The attacker removed about $8 million from a primary stableswap pool. Additionally, the attacker extracted around $0.9 million from a yETH-WETH pool hosted on Curve. The combined loss reached close to $9 million. The incident unfolded in a single execution, which investigators described as a rapid drain of accessible liquidity.

Movement of Funds Through Tornado Cash Follows the Attack

Soon after the unauthorized withdrawals, tracking groups observed the attacker transferring part of the stolen funds. Analysts at PeckShieldAlert reported that the attacker moved roughly 1,000 ETH, worth about $3 million, through Tornado Cash. This service commonly enables transaction obfuscation, which limits visibility into next-step destinations.

The attacker retained control of the remaining assets. Wallet records showed about $6 million in various tokens still held by the address identified as 0xa80d…c822. These holdings included several staked Ethereum derivatives taken during the initial drain.

Yearn Finance Team Responds While Investigation Continues

Yearn Finance stated that the exploit affected only the legacy yETH product. The team reported that active vaults and user positions did not face exposure. Security partners and auditing groups now review the incident to determine what allowed the contract weakness and how the unauthorized minting occurred. Yearn Finance has not announced any asset recovery process. Investigators continue to document fund movement and analyze the compromised contract. Market data showed that the governance token YFI traded near $3,956 after the incident and recorded a decline of about 4.4%.