Yearn Finance yETH Pool Hit by $9M Exploit

A significant vulnerability in Yearn Finance’s yETH pool on Ethereum has enabled an attacker to drain about $9m in assets.

According to new findings released by Check Point Research (CPR), the flaw in the pool’s internal accounting allowed the perpetrator to mint 235 septillion yETH tokens after depositing only 16 wei, worth roughly $0.000000000000000045 at the time of the attack.

A Complex Exploit

The cybersecurity researchers said a critical oversight in the pool’s cached storage system created the opening.

The yETH pool uses stored virtual balances, known as packed_vbs[], to reduce gas costs during operation.

When all liquidity was removed from the pool, the main supply counter reset to zero, but the cached values did not. This desynchronization led the protocol to believe the pool was empty even though leftover phantom balances remained in storage.

The attacker took advantage of this by repeatedly cycling deposit and withdrawal transactions through flash loans. Each pass left behind small residual virtual balances that accumulated over time.

After completely emptying the pool, the attacker deposited tiny amounts across eight supported tokens. The protocol interpreted the action as a first-time deposit and minted tokens based on the inflated cached values instead of the negligible input.

Read more on Ethereum-related attacks: DeFi Protocol Balancer Loses Over $120m in Cyber Heist

How the Breach Unfolded

The intrusion progressed in six distinct phases:

Borrowing assets through flash loans
Polluting stored virtual balances with repeated deposit-withdrawal cycles
Burning all LP tokens to drop the supply to zero
Depositing 16 wei across the pool to trigger the flawed “first deposit” logic
Swapping the newly minted yETH for underlying assets
Converting proceeds to ETH, repaying loans and laundering funds

The attacker ultimately exchanged the stolen LSD assets, including wstETH, rETH and cbETH, into ETH through various DEXs before routing a portion through Tornado Cash.

CPR noted that the incident underscores the risk created by complex AMM mechanics and gas-saving optimizations.

“For defenders, this exploit reinforces that correctness in complex systems requires explicit handling of ALL state transitions, not just the happy path,” they said.

The company added that the breach could have been prevented with transaction simulation, sequence-level monitoring and automated blocking of abnormal minting behavior.

Source link

What's Hot

Babylon and Aave push for Bitcoin-backed DeFi lending without wrapped BTC

Russia Expands Crypto Mining Registry Rules With Mandatory IP Address Tracking

Japan FSA Finalizes New Rules for Stablecoins, Crypto Intermediaries, and Funds Transfers

Yearn Finance yETH Pool Hit by $9M Exploit

Pyth Network Hit by 4-Hour System Outage, Disrupting Oracle Feeds for DeFi Protocols

Bank of England’s 24/7 settlement plan shows where tokenized finance can enter core markets

Hyperliquid Is Becoming A Core Infrastructure Layer For Crypto Finance

UXLINK Collaborates With AdaptHF To Unlock Web3 Finance With AI Agents

Tether hired top HSBC gold traders, then cut them weeks before auditors arrive

Court Ruling in SEC Case Confirms Ripple “Doesn’t Own XRP Ledger”

Damn, Terra Luna Is up 10,000% This Year??

Top Insights

Babylon and Aave push for Bitcoin-backed DeFi lending without wrapped BTC

Russia Expands Crypto Mining Registry Rules With Mandatory IP Address Tracking

Japan FSA Finalizes New Rules for Stablecoins, Crypto Intermediaries, and Funds Transfers

What's Hot

Yearn Finance yETH Pool Hit by $9M Exploit

A Complex Exploit

How the Breach Unfolded

Related Posts

Subscribe to Updates