{"id":91595,"date":"2025-12-01T11:19:32","date_gmt":"2025-12-01T08:19:32","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=91595"},"modified":"2025-12-01T11:20:21","modified_gmt":"2025-12-01T08:20:21","slug":"yearn-finance-defi-project-hacked-for-9-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/yearn-finance-defi-project-hacked-for-9-million\/","title":{"rendered":"Yearn Finance DeFi Project Hacked for $9 Million"},"content":{"rendered":"<p>On November 30, unknown attackers targeted the Yearn Finance protocol, resulting in a total loss of $9 million, according to blockchain security experts PeckShield.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> Yearn Finance <a href=\"https:\/\/twitter.com\/yearnfi?ref_src=twsrc%5Etfw\">@yearnfi<\/a> suffered an attack resulting in a total loss of ~$9M.<\/p>\n<p>The exploit involved minting a near-infinite number of yETH tokens, depleting the pool in a single transaction. <\/p>\n<p>~1K <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> (worth ~$3M) was sent to <a href=\"https:\/\/twitter.com\/hashtag\/TornadoCash?src=hash&#038;ref_src=twsrc%5Etfw\">#TornadoCash<\/a>, while the exploiter&#8217;s\u2026 <a href=\"https:\/\/t.co\/IXNygpwoWa\">pic.twitter.com\/IXNygpwoWa<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1995311852310675537?ref_src=twsrc%5Etfw\">December 1, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2 class=\"wp-block-heading\">Details<\/h2>\n<p>The project team confirmed the hack, emphasizing that it was due to a vulnerability in the Yearn Ether (yETH) product code.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">At 21:11 UTC on Nov 30, an incident occurred involving the yETH stableswap pool that resulted in the minting of a large amount of yETH. The contract impacted is a custom version of popular stableswap code, unrelated to other Yearn products. Yearn V2\/V3 vaults are not at risk.<\/p>\n<p>\u2014 yearn (@yearnfi) <a href=\"https:\/\/twitter.com\/yearnfi\/status\/1995344733154250993?ref_src=twsrc%5Etfw\">December 1, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to PeckShield, the attackers minted nearly infinite tokens, draining the entire <a href=\"https:\/\/forklog.com\/en\/news\/what-are-liquidity-pools-and-how-do-they-work\">pool<\/a> in a single transaction of 1000 ETH (~$3 million).<\/p>\n<p>The stolen funds were immediately sent by the hackers to the crypto mixer <a href=\"https:\/\/forklog.com\/en\/news\/what-is-the-tornado-cash-mixer-and-why-was-it-sanctioned\">Tornado Cash<\/a>.<\/p>\n<p>Yearn developers stated that the affected contract is a custom version of popular stableswap code, not linked to other protocol products. Yearn V2\/V3 remain secure, they emphasized.<\/p>\n<p>Preliminary data indicated the following approximate losses:<\/p>\n<ul class=\"wp-block-list\">\n<li>$8 million from the affected stableswap pool;<\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li>$0.9 million from the yETH-WETH stable swap pool on <a href=\"https:\/\/forklog.com\/en\/news\/what-is-curve-lend-and-how-does-its-liquidation-protection-mechanism-work\">Curve<\/a>.<\/li>\n<\/ul>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cInitial analysis showed that the complexity of the hack is similar to the <\/em><a href=\"https:\/\/forklog.com\/en\/news\/balancer-defi-protocol-suffers-128m-hack\"><em>recent Balancer exploit<\/em><\/a><em>, so please be patient as we conduct our analysis. No other Yearn product uses code similar to the one affected,\u201d the project team added.<\/em><\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\">Impact<\/h2>\n<p>Following the incident, the Yearn token \u2014 YFI \u2014 fell by 5.5%. At the time of writing, the asset is trading around $3900 with a market capitalization of $132.6 million.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"600\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/img-3adfecf5796783ce-10969810144765336-1024x600.png\" alt=\"image\" class=\"wp-image-270816\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/img-3adfecf5796783ce-10969810144765336-1024x600.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/img-3adfecf5796783ce-10969810144765336-300x176.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/img-3adfecf5796783ce-10969810144765336-768x450.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/img-3adfecf5796783ce-10969810144765336-1536x900.png 1536w, https:\/\/forklog.com\/wp-content\/uploads\/img-3adfecf5796783ce-10969810144765336.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Hourly chart of YFI\/USDT on Binance. Source: <a href=\"https:\/\/ru.tradingview.com\/chart\/atJ4mYHE\/?symbol=BINANCE%3AYFIUSDT\">TradingView<\/a>.<\/figcaption><\/figure>\n<p><span data-descr=\"total value locked\" class=\"old_tooltip\">TVL<\/span> of the protocol decreased from $432 million to $410 million over the past day. At its peak in November 2021, the figure was $6.7 billion.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"532\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/img-106153dbf20122d7-10969833822479332-1024x532.png\" alt=\"image\" class=\"wp-image-270817\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/img-106153dbf20122d7-10969833822479332-1024x532.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/img-106153dbf20122d7-10969833822479332-300x156.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/img-106153dbf20122d7-10969833822479332-768x399.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/img-106153dbf20122d7-10969833822479332-1536x798.png 1536w, https:\/\/forklog.com\/wp-content\/uploads\/img-106153dbf20122d7-10969833822479332.png 1606w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: <a href=\"https:\/\/defillama.com\/protocol\/yearn-finance\">DefiLlama<\/a>.<\/figcaption><\/figure>\n<p>This latest incident is not the first hack of Yearn. In 2021, an unknown party <a href=\"https:\/\/forklog.com\/en\/news\/hacker-drains-2-8m-from-yearn-finance-defi-pool\">extracted<\/a> $2.8 million from the v1 yDAI pool. The project promptly <a href=\"https:\/\/forklog.com\/en\/news\/yearn-finance-reimbursed-losses-to-the-v1-ydai-pool-after-attack\">compensated<\/a> affected users for their losses.<\/p>\n<p>In December 2023, due to a &#8220;faulty scenario&#8221; in a <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-multisignature-what-is-a-ring-signature\">multisig<\/a> transaction, the protocol <a href=\"https:\/\/forklog.com\/en\/news\/yearn-finance-loses-1-4-million-due-to-a-transaction-error\">lost<\/a> 63% of its treasury funds in the Lp yCRV pool. The incident occurred during a &#8220;routine token fee conversion process&#8221; and resulted in the exchange of 3,794,894 yCRV for 779,958 yvDAI. The team clarified that the loss amounted to $1.4 million.<\/p>\n<p>In November 2025, on-chain researcher tanuki42 <a href=\"https:\/\/forklog.com\/en\/news\/researcher-uncovers-undisclosed-44-million-hack-of-dwf-labs\">discovered<\/a> an undisclosed hack of the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-market-maker\">market maker<\/a> DWF Labs for $44 million.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On November 30, unknown attackers targeted the Yearn Finance protocol, resulting in a total loss of $9 million, according to blockchain security experts PeckShield.<\/p>\n","protected":false},"author":1,"featured_media":91596,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Yearn Finance protocol hacked for $9 million; attackers exploited yETH vulnerability.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1093,1869],"class_list":["post-91595","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-defi","tag-yearn-finance"],"aioseo_notices":[],"amp_enabled":true,"views":"811","promo_type":"1","layout_type":"1","short_excerpt":"Yearn Finance protocol hacked for $9 million; attackers exploited yETH vulnerability.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/91595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=91595"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/91595\/revisions"}],"predecessor-version":[{"id":91597,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/91595\/revisions\/91597"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/91596"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=91595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=91595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=91595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}