# Another established DeFi protocol has been attacked. Yearn lost 1,000 ETH. Is DeFi completely unusable now?
YFI
$3,008
2.62%
42 KOL Opinions
loading indicator
Loading..
Deep Dives
67
17
Comments
Deep Dives
Powered by Asksurf.ai

Analysis of the Yearn Finance yETH LST pool attack incident

TL;DR

At 21:11 UTC on November 30, 2025, Yearn Finance's yETH LST product suffered an unlimited issuance vulnerability attack. The attacker minted approximately 235 trillion yETH tokens and withdrew approximately $2.8 million worth of ETH and LST assets from the relevant Balancer liquidity pool, subsequently laundering the money through Tornado Cash. Yearn's main vaults (V2/V3) were unaffected, but the incident exposed security risks in traditional LST implementations.

Core Analysis

Attack Details and Mechanisms

Attack Timeline :

  • Attack time : November 30, 2025, 21:11 UTC theblock.co
  • Vulnerability type : Unlimited issuance vulnerability in the yETH token contract (beincrypto.com)
  • Attack Scale : A single transaction minted approximately 235 trillion yETH tokens. (beincrypto.com )

Technical details :

  • The attackers deployed a secondary contract minutes before the attack, which immediately self-destructed afterward to cover their tracks .
  • Use minted fake yETH tokens to exchange for real assets, including ETH and various LSTs (Rocket Pool, Origin, Dinero, etc.) from Balancer pools . beincrypto.com
  • Nansen alert confirms unlimited issuance issue in the yETH contract (beincrypto.com)

Loss Assessment

index Amount state
Total loss estimate $2.8-3 million Confirmed
Transfer to Tornado Cash 1,000 ETH (~$3 million) Money laundered
Affected pool yETH LST Balancer pool Exhausted
Yearn Main Vault TVL $600 million Unaffected

Fund flow :

  • The attackers converted the stolen assets into approximately 1,000 ETH.
  • Multiple batch transfers of 100 ETH each were made to the Tornado Cash mixer theblock.co
  • The money laundering process was completed before 22:00 UTC.

Official Response Analysis

Yearn Finance Statement :

  • The vulnerability has been confirmed to be limited to the traditional yETH token contract; V2/V3 vaults are unaffected. (beincrypto.com )
  • Emphasizing that core TVL (over $600 million) remains stable , beincrypto.com
  • An investigation is underway, and a formal post-incident analysis report has not yet been released . beincrypto.com

Market reaction :

  • The price of YFI token surged from $4,080 to $4,160 within an hour of the event, primarily due to a short squeeze rather than panic selling.
  • The overall TVL of the agreement remained stable, demonstrating market confidence in core infrastructure.

Community sentiment analysis

Limited community response :

  • As of December 1, 2025 UTC, no large-scale, highly engaged community discussions were found.
  • Official communications emphasized the isolation of the incident, aiming to maintain confidence in the core infrastructure beincrypto.com.
  • The lack of widespread community criticism indicates the absence of immediate signs of a trust crisis.

Risk narrative theme :

  • The discussion focused on vulnerabilities in the LST AMM design, such as the risk of unlimited issuance within liquidity pools .
  • The necessity of robust contract auditing in yield-optimized products is emphasized at beincrypto.com.

Short-term risk assessment

Technological risks

Contract security issues :

  • yETH products exposed critical vulnerabilities in traditional LST implementations.
  • The unlimited issuance vulnerability indicates that the casting mechanism lacks proper security checks.
  • A comprehensive audit of similar traditional contracts is required.

Liquidity risk :

  • The liquidity in the Balancer pool related to yETH has been drained.
  • yETH product functionality may be limited in the short term.
  • Users may face difficulties in exiting the platform or price shocks.

Reputation and Trust Risk

At the agreement level :

  • Although the core vault was unaffected, the attack could impact overall confidence in Yearn's security.
  • Vulnerabilities in traditional products may trigger scrutiny of other Yearn products.
  • Transparent post-incident analysis and remedial measures are needed to restore confidence.

LST ecosystem risks :

  • This incident highlights the systemic risks in LST pool design.
  • This could raise questions about the security of other LST protocols.
  • Regulatory attention may increase due to money laundering activities.

Market impact risk

Short-term market dynamics :

  • The unusual rise in YFI prices indicates a complex market reaction.
  • There may be a short-term capital outflow from Yearn products.
  • Competitors may use this event to gain market share.

in conclusion

While the Yearn Finance yETH LST pool attack was relatively small in scale (approximately $2.8 million), it exposed significant security vulnerabilities in traditional LST implementations. Key risk factors include the technical severity of the unlimited issuance vulnerability, the rapid money laundering of funds via Tornado Cash, and the potential impact on the security of the broader LST ecosystem. Although Yearn's core infrastructure was unaffected, users should closely monitor official updates and remediation efforts in the short term and assess similar risk exposures for other LST products.

Ask Surf More