Yearn Finance confirmed an energetic exploit affecting its yETH product on Sunday, after an attacker minted an successfully limitless quantity of yETH and drained liquidity from Balancer swimming pools.
The incident triggered heavy on-chain motion, together with a number of 100 ETH transfers routed via Twister Money.
Sponsored
Sponsored
Infinite-Mint Assault Drains Liquidity From Balancer Swimming pools
In keeping with blockchain knowledge, the exploit occurred round 21:11 UTC on November 30, when a malicious pockets executed an infinite-mint assault that created roughly 235 trillion yETH in a single transaction.
another balancer associated stuff trying like an exploit contemplating heavy interactions with twister
yearn, rocket pool, origin, dinero and different LST going round pic.twitter.com/wUuexeQJyg
— Togbe (@Togbe0x) November 30, 2025
Nansen’s alert system later confirmed the assault and recognized the occasion as an infinite-mint vulnerability within the yETH token contract, not in Yearn’s Vault infrastructure.
The attacker used the newly minted yETH to empty actual property—primarily ETH and Liquid Staking Tokens (LSTs)—from Balancer liquidity swimming pools. Early estimates counsel roughly $2.8 million in property have been eliminated.
Round 1,000 ETH was laundered via Twister Money shortly after the assault. A number of helper contracts used within the exploit have been deployed minutes earlier than the incident and self-destructed afterward to obscure the path.
another balancer associated stuff trying like an exploit contemplating heavy interactions with twister
yearn, rocket pool, origin, dinero and different LST going round pic.twitter.com/wUuexeQJyg
— Togbe (@Togbe0x) November 30, 2025
Yearn acknowledged that V2 and V3 Vaults weren’t affected, and the vulnerability seems restricted to the legacy yETH implementation.
Sponsored
Sponsored
The protocol’s Complete Worth Locked (TVL) stays above $600 million, in line with CoinGecko, suggesting core techniques weren’t compromised.
YFI Worth Spikes as Market Reverses Preliminary Panic
Nonetheless, the market response created an sudden dynamic. Shortly after the exploit was flagged on social media and by blockchain analysts, YFI’s worth spiked sharply, climbing from close to $4,080 to over $4,160 inside an hour.
The transfer got here regardless of the detrimental headlines surrounding the broader Yearn ecosystem.
Yearn Finance YFI Token Worth Chart. Supply: CoinGecko
The value response seems tied to market misinterpretation within the early minutes of the incident. Preliminary claims of a “Yearn exploit” prompted high-leverage brief positions on YFI, given the token’s skinny liquidity and traditionally aggressive draw back strikes throughout hack occasions.
The assault was remoted to yETH and never Yearn’s Vaults, and short-sellers started masking their positions. This triggered a short brief squeeze and a volatility-driven worth spike.
YFI’s circulating provide is simply 33,984 tokens, making it probably the most illiquid main DeFi governance property. This construction amplifies worth actions, notably in periods of uncertainty or fast liquidation move. Derivatives knowledge additionally confirmed elevated funding volatility instantly after the exploit alert.
For now, losses seem contained to the yETH and Balancer swimming pools touched by the exploit. Investigations stay ongoing, and it’s unclear whether or not any restoration choices exist for the stolen property.
Markets will seemingly look ahead to a proper Yearn disclosure detailing root trigger, patching efforts, and potential governance actions.
