{"id":62551,"date":"2025-12-09T04:16:44","date_gmt":"2025-12-09T04:16:44","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=62551"},"modified":"2025-12-09T04:16:44","modified_gmt":"2025-12-09T04:16:44","slug":"everything-you-need-to-know-about-yearn-finance-exploit","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=62551","title":{"rendered":"Everything You Need to Know About Yearn Finance Exploit"},"content":{"rendered":"<div>\n<p><span style=\"font-weight: 400\">Yearn Finance has published a detailed post-mortem on last week\u2019s yETH exploit, explaining how a numerical flaw in one of its older stableswap pools let an attacker mint an almost unlimited amount of LP tokens and steal about $9M in assets.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The DeFi platform said it has already recovered part of the stolen funds.<\/span><\/p>\n<p><span style=\"font-weight: 400\">In the <\/span><a class=\"general-link\" href=\"https:\/\/github.com\/yearn\/yearn-security\/blob\/master\/disclosures\/2025-12-01.md\" target=\"_blank\" rel=\"noopener nofollow\"><span style=\"font-weight: 400\">report<\/span><\/a><span style=\"font-weight: 400\">, Yearn said the attack hit the yETH weighted stableswap pool at block 23,914,086 on November 30, 2025.\u00a0<\/span><\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone wp-image-317276 size-full\" src=\"https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/12\/Yearn_Incident_disclosure.png\" alt=\"Yearn Incident Disclosure\" width=\"1253\" height=\"705\" srcset=\"https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/12\/Yearn_Incident_disclosure.png 1253w, https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/12\/Yearn_Incident_disclosure-300x169.png 300w, https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/12\/Yearn_Incident_disclosure-1024x576.png 1024w, https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/12\/Yearn_Incident_disclosure-768x432.png 768w, 
https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/12\/Yearn_Incident_disclosure-50x28.png 50w\" sizes=\"(max-width: 1253px) 100vw, 1253px\"><\/p>\n<h2><b>Which Yearn Products Were Affected and Which Stayed Safe?<\/b><\/h2>\n<p><span style=\"font-weight: 400\">The breach followed what the team described as \u201ca complex sequence of operations\u201d that pushed the pool\u2019s internal solver into a divergent state and then triggered an arithmetic underflow.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Yearn noted that its v2 and v3 vaults, along with the rest of its products, \u201cwere not affected.\u201d The impact stayed limited to yETH and the systems tied to it.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The attacker targeted a custom stableswap pool that held several liquid staking tokens: apxETH, sfrxETH, wstETH, cbETH, rETH, ETHx, mETH, and wOETH, as well as a yETH\/WETH Curve pool.<\/span><\/p>\n<p><span style=\"font-weight: 400\">According to Yearn\u2019s asset snapshot, the pools held a mix of LSTs and 298.35 WETH before the exploit occurred.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Yearn\u2019s post-mortem breaks the attack into three clear steps.<\/span><\/p>\n<p>In the first stage, the attacker used a series of imbalanced add_liquidity deposits that pushed the pool\u2019s fixed-point solver into a state it wasn\u2019t built to manage.<\/p>\n<p><span style=\"font-weight: 400\">That move caused the internal product term, \u03a0, to fall to zero. 
Once that happened, the weighted-stableswap invariant failed, allowing the attacker to mint far more yETH LP tokens than the value they had actually deposited.<\/span><\/p>\n<p><span style=\"font-weight: 400\">With those inflated LP tokens in hand, the attacker moved to the next phase.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">They repeatedly called remove_liquidity and related functions, pulling out almost all of the LST liquidity. Most of the loss shifted onto protocol-owned liquidity inside the staking contract.\u00a0<\/span><\/p>\n<h2><b>What Funds Has Yearn Recovered So Far, And Who Will Receive Them?<\/b><\/h2>\n<p><span style=\"font-weight: 400\">According to <\/span><a class=\"general-link\" href=\"https:\/\/github.com\/yearn\/yearn-security\/blob\/master\/disclosures\/2025-12-01.md\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400\">Yearn<\/span><\/a><span style=\"font-weight: 400\">, this sequence drove the pool\u2019s internal supply to zero even though ERC-20 balances still showed tokens in the contract.<\/span><\/p>\n<p><span style=\"font-weight: 400\">In the final step, the attacker slipped into a \u201cbootstrap\u201d initialization path that was only intended for the pool\u2019s first launch.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">By sending a crafted dust-level configuration that broke a key domain rule, they triggered an unsafe subtraction. 
That underflow created a massive batch of new yETH LP tokens and completed the exploit.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Yearn said the underflow was so severe that it created what the team called an \u201cinfinite-mint.\u201d The attacker used this flaw to drain the yETH\/ETH Curve pool.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The project said it has recovered 857.49 pxETH so far with help from the Plume and Dinero teams. A recovery transaction took place on Dec. 1.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">Yearn plans to return the recovered assets to yETH depositors on a pro-rata basis, using balances from right before the exploit.\u00a0<\/span><span style=\"font-weight: 400\">Any further recoveries, whether from cooperation by the attacker or from new tracing efforts, will also go to depositors. <\/span><span style=\"font-weight: 400\">The timeline released by Yearn shows that a war room was formed about 20 minutes after the breach.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">The SEAL 911 response group joined soon after. Investigators say the attacker sent 1,000 ETH to Tornado Cash later that night, and moved the remaining funds through the mixer on Dec. 5.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Earlier reporting from The Block said roughly $3M in ETH moved through Tornado Cash in the hours after the attack.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The post-mortem also reminds users that YIP-72 governs yETH. 
It points to the product\u2019s \u201cUse at Own Risk\u201d clause, which states that Yearn contributors and YFI governance are not responsible for covering losses.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">The report says any recovered funds will go back to affected users.<\/span><\/p>\n<p>The post <a href=\"https:\/\/99bitcoins.com\/news\/altcoins\/everything-you-need-to-know-about-yearn-finance-exploit\/\">Everything You Need to Know About Yearn Finance Exploit<\/a> appeared first on <a href=\"https:\/\/99bitcoins.com\/\">99Bitcoins<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Yearn Finance has published a detailed post-mortem on last week\u2019s yETH exploit, explaining how a numerical flaw in one of its older stableswap pools let an attacker mint an almost unlimited amount of LP tokens and steal about $9M in assets. The DeFi platform said it has already recovered part of the stolen funds. 
In [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-62551","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/62551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=62551"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/62551\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=62551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=62551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=62551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}