The Yearn Finance team has recovered approximately $2.4 million worth of stolen assets from the most recent exploit of the legacy DeFi protocol, as total estimated losses approach $9 million, according to an update on Monday. A coordinated recovery mission is “active and ongoing,” a post on X reads.
On Sunday, a vulnerability in the once-popular yield-farming protocol was exploited to drain assets from the Yearn Ether (yETH) stableswap pool and smaller yETH‑WETH pool on Curve. The attack, the third targeting Yearn since 2021, was of a “similar high complexity” to the recent Balancer hack, Yearn said.
According to a post-mortem published on Monday, the “root cause” stems from an “unchecked arithmetic” bug and other “contributing design issues” that enabled the attacker to mint the 2.3544×10^56 yETH tokens — a near infinite amount — used to drain liquidity from the protocol.
“The actual exploit transactions follow this pattern: the huge mint is followed by a sequence of withdrawals that move real assets to the attacker, while the yETH token supply is effectively meaningless,” according to the postmortem.
Yearn notes that the attack was targeted and should not impact its V2 or V3 vaults. “Any assets successfully recovered will be returned to affected depositors,” the team added.
As The Block previously reported, the attacker was able to move at least 1,000 ETH and several liquid staking tokens to the Tornado Cash anonymizer. Yearn, together with crypto security firms SEAL 911 and ChainSecurity, worked with Plume network to recover 857.49 pxETH as of press time.
BlockScout said that the hacker deployed self-destructing “helper contracts” as part of the attack. These code inserts are specialized auxiliary smart contracts that are used to perform automated tasks, and often abused during flash loan attacks that require multiple steps within a single transaction.
The attacker, for instance, used a helper contract to manipulate the vulnerable yETH function, mint an absurd amount of tokens, and drain the protocol, before detonating itself. “Self-destruct removes bytecode, making the contract unreadable afterward, but creation transactions and logs are preserved,” Blockscout said.
“Initial analysis indicated this hack has a similar high complexity level to the recent Balancer hack, so please bear with us as we perform the post-mortem analysis,” Yearn said on Sunday. “There is no other Yearn product using similar code to what was impacted.”
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Trade Crypto On Coinhub Exchange
Trade Crypto On Coinhub Exchange
Stay ahead of the market by turning news insights into trading opportunities. With Coinhub Exchange, you can seamlessly buy, sell, and manage your digital assets, all in one secure platform. Take advantage of real-time market insights, deep liquidity, and fast execution for your favorite cryptocurrencies. Don’t just read about it — trade crypto now!
Disclaimer
The content of this article shown by Coinhub News, powered by The Block, is for informational purposes only and should not be construed as financial, legal, tax, or investment advice. Coinhub News and its affiliates are not a licensed financial advisor, legal advisor, broker, or tax advisor, and ... should not be considered as professional advice or a recommendation to engage in any specific investment, legal decision, or financial transaction. Cryptocurrency markets are highly speculative and volatile. Readers should perform their own independent research and consult with a qualified professional before making any financial or legal decisions. The opinions expressed in this article are those of the author and do not necessarily represent the views or opinions of the Company of its affiliates. Additionally, the Company does not make any representations or warranties regarding the accuracy, timeliness, reliability, or completeness of any information in this article. By accessing this content, you acknowledge that any reliance on the information contained in this article is solely at your own risk. The Company is not responsible for any financial losses, legal disputes, or other damages that may arise from reliance on this content or from any investment or legal decisions based on the information provided. Investing in cryptocurrencies involves substantial risks, including the risk of losing your entire investment, and you should carefully consider whether it is appropriate for your circumstances.
Read more
