Yearn Finance Suspected of Attack, Hacker Sends 1,000 ETH of Stolen Funds to Tornado Cash
BlockBeats News, December 1st, according to The Block, Yearn Finance appears to have been attacked, with its Yearn Ether (yETH) product, which aggregates popular Liquid Staking Tokens (LST), being drained of millions of dollars' worth of LST assets.
Blockchain data shows that the attacker exploited a carefully crafted vulnerability to mint nearly an infinite amount of yETH tokens in a single transaction, completely draining the pool. The attack transaction resulted in 1,000 ETH (valued at approximately $3 million at current prices) being sent to the Tornado Cash privacy protocol. This attack involved multiple newly deployed smart contracts, some of which self-destructed after the transaction. The exact scale of the loss is currently unclear, but prior to the attack, the yETH pool's size was around $11 million.
This hack was first discovered by user X, Togbe, who noticed the attack while monitoring large transfers. "On-net transfer shows an over mint of yETH that allowed the attacker to drain the pool somehow and make a profit of around 1,000 ETH," Togbe stated in the message. "Part of the ETH was sacrificed along the way for reasons unknown, but they still made a profit in the end."
"We are investigating the incident involving the yETH LST StableSwap pool," Yearn stated on X, "Yearn's V2 and V3 Vaults are unaffected."
Yearn Finance previously suffered an attack in 2021, affecting its yDAI insurance vault, resulting in a loss of $11 million, with the hacker ultimately profiting $2.8 million. In December 2023, the protocol saw a 63% loss in one of its vault positions due to a scripting error, but user funds were unaffected. Yearn's founder, Andre Cronje, started the project in 2020 and departed two years later.
You may also like
Perplexity Fine-Tuned a Chinese AI Model to Match Claude Opus 4.8 at One-Third the Cost
Bank of Korea defends bank-first stablecoin plan amid bill deadlock
JPMorgan says bitcoin's main risk isn't Strategy, but blockchain adoption that doesn't benefit public chains and tokens
Fear & Greed Index Today: What Extreme Fear Means for Crypto, Stocks and Gold
Labour MPs Push to Make UK Crypto Donation Ban Permanent
Supreme Court ruling expanding Trump's authority over federal agencies raises questions for SEC, CFTC as crypto rulemaking advances
'Bottom building in progress': Analysts say bitcoin holder capitulation signals late-stage bear market
A Comprehensive Analysis: Starting from 1996, Who is Laying the Foundation for the Next Generation of Capital Markets
Luke Dashjr, the Biggest Anti-Spammer of Bitcoin, Inscribed Phrases on the Network in 2011
Whales bought 270,000 BTC while ETFs bled $7 billion. One side is wrong
The crypto IPO class of 2025-26 is down as much as 89%. Autopsy of a listing boom
Robinhood Chain Mining Guide: A Comprehensive Tutorial from Cross-Chain to Memecoin
BitGo CEO says single-digit percentages of bitcoin's supply are 'probably right' for large holders amid Strategy's sale
Beyond Private Keys: How to Safeguard the Security Boundaries of Web3 from Wallets, L2 to Supply Chains?
Vanguard Enters the Market, Opening a New Crypto Gateway for 50 Million Traditional Investors
Why the OUSD Alliance of 150 Companies Still Cannot Shake USDT and USDC?
Citigroup Analysis: Is There Still 47% Upside for Nvidia? Can Rubin and CPO Deliver?
WEEX API Fast Connect: Turn Every Sign-In Into a Live Trader in Under 10 Seconds
WEEX API Fast Connect is a one-click OAuth authorization system that lets your users link their WEEX account without ever touching an API key. Frictionless onboarding, faster conversions, higher retention — built for WEEX Broker partners.
