logo
Peer to Peer
0 likes

Major Exploit Drains Millions from yETH Pool

A sophisticated attack on the liquidity pool of yETH — the liquid staking token index offered by Yearn Finance — drained millions of dollars in assets when an attacker minted an effectively unlimited amount of yETH and exchanged the bogus tokens for real ETH and other liquid-staking assets. Blockchain data indicate close to 1,000 ETH — roughly US$ 3 million — was swiftly moved through mixing service Tornado Cash in a single transaction, while the wider financial impact may scale significantly higher.

The exploit hinged on a critical flaw in the smart contract underpinning yETH’s “stableswap pool,” which permitted the creation of an unbounded number of yETH tokens. Immediately after minting, the attacker used those tokens to withdraw real ETH and other assets from liquidity pools tied to yETH, rapidly draining the pool. Multiple helper contracts deployed for the attack self-destructed soon after, making tracing efforts challenging.

Shortly after the event, Yearn Finance confirmed the breach and clarified that its core vault offerings — including V2 and V3 vaults — remain unaffected, noting the issue appears isolated to the legacy yETH pool. That distinction may have prevented a broader protocol-wide collapse, although internal assessments are ongoing to fully understand the exploit’s scope.

Further on-chain analysis by security firms suggests total losses could approach US$ 9 million, once damage to auxiliary pools — including a yETH–WETH pool — are accounted for. Nearly US$ 3 million in stolen ETH has already been funneled through Tornado Cash, rendering recovery difficult as funds are mixed and dispersed.

Market reaction was immediate: major cryptocurrencies including Bitcoin and Ether slid sharply during Asian trading hours, signalling heightened investor anxiety about DeFi security vulnerabilities. The incident has reignited scrutiny over legacy smart-contract code within decentralised finance platforms and underscored persistent risks associated with innovation outpacing security audits.

Arabian Post – Crypto News Network

Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.

ADVERTISEMENT

Share

Related news

Buzz | Arabian Post
Peer to Peer
Featured
Asian News by Media-Outreach
Asian News by Media-Outreach
Featured
Just in:
AECOM and Urban Land Institute launch inaugural Asia Pacific Infrastructure Innovation Index, highlighting region’s evolving infrastructure innovation priorities // Abu Dhabi gaming push gains AI edge // MOKiN Introduces Safe Swap Programme in Malaysia to Encourage Safer Charging Habits // Handshake Finance Raises S$500K Pre-Seed to Build Escrow-as-a-Service for Singapore’s High-Trust Service Industries // Abu Dhabi forum weighs AI impact // Anthropic widens Mythos cyber access // War squeeze slows India’s oil demand growth // Windows Search flaw exposes credentials // Dogecoin gains broader rails through Paxos // Gulf strikes test fragile US-Iran truce // Abu Dhabi freezes rents across property sectors // Dairy line upgrades promise deeper emissions cuts // House vote sharpens Trump Iran rift // Weak Monsoon Forecast Raises Fresh Concerns For India’s Rs 3 Lakh Crore Microfinance Sector // Bitcoin sell-off tests institutional faith // Innio’s Nasdaq debut taps AI power rush // OMIFCO listing to deepen Muscat market // Kioxia surge redraws Japan’s market order // Audible rewards users for listening // Hong Kong forges new opportunities with Kazakhstan and Central Asia //