Close Menu
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
What's Hot

Circle Brings Native EURC To Base As MiCA Gives Euro Stablecoins A Clearer Lane

July 10, 2026

New Hampshire snuffs out trailblazing bitcoin bond effort

July 10, 2026

New Crypto: BNB Based AlphaPepe Nears Tier-1 Exchange Debut While Ethereum Price Prediction Targets $4000

July 10, 2026
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook X (Twitter) Instagram
CryptoPulseDaily.com
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
CryptoPulseDaily.com
Home»Security and Privacy»Yearn Finance yETH Pool Hit by $9M Exploit
Yearn Finance yETH Pool Hit by $9M Exploit
Security and Privacy

Yearn Finance yETH Pool Hit by $9M Exploit

December 3, 2025No Comments2 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

A significant vulnerability in Yearn Finance’s yETH pool on Ethereum has enabled an attacker to drain about $9m in assets.

According to new findings released by Check Point Research (CPR), the flaw in the pool’s internal accounting allowed the perpetrator to mint 235 septillion yETH tokens after depositing only 16 wei, worth roughly $0.000000000000000045 at the time of the attack.

A Complex Exploit

The cybersecurity researchers said a critical oversight in the pool’s cached storage system created the opening.

The yETH pool uses stored virtual balances, known as packed_vbs[], to reduce gas costs during operation.

When all liquidity was removed from the pool, the main supply counter reset to zero, but the cached values did not. This desynchronization led the protocol to believe the pool was empty even though leftover phantom balances remained in storage.

The attacker took advantage of this by repeatedly cycling deposit and withdrawal transactions through flash loans. Each pass left behind small residual virtual balances that accumulated over time.

After completely emptying the pool, the attacker deposited tiny amounts across eight supported tokens. The protocol interpreted the action as a first-time deposit and minted tokens based on the inflated cached values instead of the negligible input.

Read more on Ethereum-related attacks: DeFi Protocol Balancer Loses Over $120m in Cyber Heist

How the Breach Unfolded

The intrusion progressed in six distinct phases:

  • Borrowing assets through flash loans

  • Polluting stored virtual balances with repeated deposit-withdrawal cycles

  • Burning all LP tokens to drop the supply to zero

  • Depositing 16 wei across the pool to trigger the flawed “first deposit” logic

  • Swapping the newly minted yETH for underlying assets

  • Converting proceeds to ETH, repaying loans and laundering funds

See also  Three-Quarters of Ransomware Payments Linked to Russia

The attacker ultimately exchanged the stolen LSD assets, including wstETH, rETH and cbETH, into ETH through various DEXs before routing a portion through Tornado Cash.

CPR noted that the incident underscores the risk created by complex AMM mechanics and gas-saving optimizations.

“For defenders, this exploit reinforces that correctness in complex systems requires explicit handling of ALL state transitions, not just the happy path,” they said.

The company added that the breach could have been prevented with transaction simulation, sequence-level monitoring and automated blocking of abnormal minting behavior.

Source link

exploit Finance Hit Pool Yearn yETH
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Relay Protocol Warns of Robinhood Chain Honeypot Coins

July 9, 2026

Why Bitcoin ATMs are becoming the last stop in America’s $11B crypto scam pipeline

July 9, 2026

The Sam Altman Orb Scans Hit Oxford Street

July 9, 2026

Polymarket hit with New York lawsuit over Strategy Bitcoin market

July 9, 2026
Add A Comment
Leave A Reply Cancel Reply

Top Posts

Crypto PAC backed by Anchorage and Chainlink announces endorsements for 2026 midterms

May 22, 2026

VanEck predicts Bitcoin inflows of over $2B in 2024

December 9, 2023

$440M Crypto Ponzi TradeAI case dodges dismissal bid

March 25, 2026

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

Our mission is to develop a community of people who try to make financially sound decisions. The website strives to educate individuals in making wise choices about Crypto, ICOs, Web3, Blockchain and more.

We're social. Connect with us:

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

Circle Brings Native EURC To Base As MiCA Gives Euro Stablecoins A Clearer Lane

July 10, 2026

New Hampshire snuffs out trailblazing bitcoin bond effort

July 10, 2026

New Crypto: BNB Based AlphaPepe Nears Tier-1 Exchange Debut While Ethereum Price Prediction Targets $4000

July 10, 2026
Get Informed

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2026 Crypto Pulse Daily - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.

Cleantalk Pixel
  • bitcoinBitcoin(BTC)$64,115.002.77%
  • ethereumEthereum(ETH)$1,777.161.96%
  • tetherTether(USDT)$1.000.01%
  • binancecoinBNB(BNB)$577.541.14%
  • usd-coinUSDC(USDC)$1.00-0.01%
  • rippleXRP(XRP)$1.111.34%
  • solanaSolana(SOL)$79.141.63%
  • tronTRON(TRX)$0.3320230.41%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.00-3.06%
  • HyperliquidHyperliquid(HYPE)$68.070.78%