Yearn Finance confirmed an lively exploit affecting its yETH product on Sunday, after an attacker minted an successfully limitless quantity of yETH and drained liquidity from Balancer swimming pools.
The incident triggered heavy on-chain motion, together with a number of 100 ETH transfers routed by way of Twister Money.
Sponsored
Sponsored
Infinite-Mint Assault Drains Liquidity From Balancer Swimming pools
In accordance with blockchain information, the exploit occurred round 21:11 UTC on November 30, when a malicious pockets executed an infinite-mint assault that created roughly 235 trillion yETH in a single transaction.
Nansen’s alert system later confirmed the assault and recognized the occasion as an infinite-mint vulnerability within the yETH token contract, not in Yearn’s Vault infrastructure.
The attacker used the newly minted yETH to empty actual property—primarily ETH and Liquid Staking Tokens (LSTs)—from Balancer liquidity swimming pools. Early estimates counsel roughly $2.8 million in property had been eliminated.
Round 1,000 ETH was laundered by way of Twister Money shortly after the assault. A number of helper contracts used within the exploit had been deployed minutes earlier than the incident and self-destructed afterward to obscure the path.
Yearn said that V2 and V3 Vaults weren’t affected, and the vulnerability seems restricted to the legacy yETH implementation.
Sponsored
Sponsored
The protocol’s Whole Worth Locked (TVL) stays above $600 million, in accordance with CoinGecko, suggesting core methods weren’t compromised.
YFI Value Spikes as Market Reverses Preliminary Panic
Nevertheless, the market response created an sudden dynamic. Shortly after the exploit was flagged on social media and by blockchain analysts, YFI’s worth spiked sharply, climbing from close to $4,080 to over $4,160 inside an hour.
The transfer got here regardless of the detrimental headlines surrounding the broader Yearn ecosystem.
The worth response seems tied to market misinterpretation within the early minutes of the incident. Preliminary claims of a “Yearn exploit” prompted high-leverage quick positions on YFI, given the token’s skinny liquidity and traditionally aggressive draw back strikes throughout hack occasions.
The assault was remoted to yETH and never Yearn’s Vaults, and short-sellers started protecting their positions. This triggered a quick quick squeeze and a volatility-driven worth spike.
YFI’s circulating provide is just 33,984 tokens, making it one of the crucial illiquid main DeFi governance property. This construction amplifies worth actions, significantly during times of uncertainty or fast liquidation stream. Derivatives information additionally confirmed elevated funding volatility instantly after the exploit alert.
For now, losses seem contained to the yETH and Balancer swimming pools touched by the exploit. Investigations stay ongoing, and it’s unclear whether or not any restoration choices exist for the stolen property.
Markets will possible look ahead to a proper Yearn disclosure detailing root trigger, patching efforts, and potential governance actions.