Yearn Finance, one of the largest and most well-known DeFi protocols, has been subject to an exploit that cost approximately $9 million. The attack targeted Yearn's yETH token, a user-governed liquidity pool token for various Ethereum Liquid Staking Derivatives (LSTs). The hacker exploited a vulnerability in the legacy yETH smart contract that allowed infinite minting of yETH tokens, then drained the liquidity pools in one fell swoop. The Yearn Finance hack has significant implications for the protection of staked Ethereum derivatives and other DeFi assets, raising concerns about ongoing risks in the DeFi space.
yETH Token Exploit: How the Hack Happened
On November 30, 2025, at 21:11 UTC, a hacker exploited a bug in the code of Yearn’s legacy yETH stable-swap pool. The bug allowed the hacker to mint an absurdly high number of yETH tokens. These tokens, far exceeding the limits intended by the pool’s protocol, were used to withdraw real underlying assets, such as ETH and liquid staking tokens, from the liquidity pools.
The hacker drained about $8 million from Yearn’s main stableswap pool and about $0.9 million from the yETH-WETH pool on Curve, for a combined total loss of about $9 million. The Yearn Finance hack was a highly targeted and calculated attack that took advantage of a legacy code vulnerability in yETH.
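As an added example (not Yearn's code and not part of the original article), one defensive check for the pattern described above is to replay a pool's mint and burn events and alert when the value backing each LP token drops sharply. The event fields, the 2% tolerance and the sample data are assumptions constructed for illustration; the article does not detail the actual yETH bug.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class PoolEvent:
    tx: str               # constructed transaction label, not a real hash
    lp_delta: Decimal     # LP tokens minted (+) or burned (-)
    value_delta: Decimal  # underlying value added (+) or removed (-), in ETH


def find_dilution(events, supply, backing, max_drop=Decimal("0.02")):
    """Replay events and return those after which the value backing each
    LP token fell by more than max_drop (assumed tolerance for swap fees)."""
    alerts = []
    for ev in events:
        before = backing / supply if supply > 0 else None
        supply += ev.lp_delta
        backing += ev.value_delta
        if supply < 0 or backing < 0:
            alerts.append((ev.tx, "negative supply or backing"))
            break
        if before is None or supply == 0:
            continue  # no per-token value to compare against
        after = backing / supply
        if after < before * (1 - max_drop):
            drop = (1 - after / before) * 100
            alerts.append((ev.tx, f"value per LP token fell {drop:.1f}%"))
    return alerts


# Constructed sample data: a pool starting with 1000 LP tokens backed by 1000 ETH.
SAMPLE_EVENTS = [
    PoolEvent("tx-a", Decimal("100"), Decimal("100")),      # normal deposit
    PoolEvent("tx-b", Decimal("-50"), Decimal("-50.5")),    # normal withdrawal
    PoolEvent("tx-c", Decimal("1000000"), Decimal("1")),    # huge mint, tiny deposit
    PoolEvent("tx-d", Decimal("-1050"), Decimal("-1000")),  # redeems most of the backing
]

if __name__ == "__main__":
    for tx, reason in find_dilution(SAMPLE_EVENTS, Decimal(1000), Decimal(1000)):
        print(f"ALERT {tx}: {reason}")
```

A check like this can feed an alerting pipeline or a pause mechanism; it flags the oversized mint before the withdrawal that follows it.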
Laundering Stolen Funds via Tornado Cash
PeckShieldAlert, a blockchain security firm, also reported that the hacker laundered the stolen funds post-attack. Approximately 1,000 ETH, or about $3 million worth, was sent to a privacy mixer named Tornado Cash. Tornado Cash is a tool often used to obfuscate transaction traces. The rest of the stolen funds, worth $6 million, remain in the hacker’s wallet (0xa80d…c822).
The hacker's wallet holds a mixture of ETH, pxETH, frxETH, cbETH, Lido stETH, and Rocket Pool rETH, all staked to a variety of products. This variety of staked assets may make it more difficult to track or recover the stolen money.
Yearn Finance Responds to the Attack
Yearn Finance reacted quickly to the yETH token exploit, confirming that the hack only affected the legacy yETH product. The Yearn team also indicated that the V2 and V3 Vaults of Yearn Finance, where funds are kept, were safe and not compromised in the attack. Yearn Finance is working with both DeFi security experts and auditors to further analyze the breach. However, Yearn has not yet disclosed a formal recovery plan.
Yearn Hack Hits Two Days After Multimillion-Dollar South Korean Exchange Heist
Yearn’s hack comes two days after one of the largest Korean cryptocurrency exchange platforms, Upbit, lost 5.9 billion won ($4 million) in Thursday’s hack that netted the attackers a total of 44.5 billion won. These latest hacks highlight how recent institutional capital inflows have inflated the market cap of the crypto market without improving its security.
Market Dump and the Broader Crypto Market Reaction
After the Yearn Finance Hack news, Yearn’s governance token YFI quickly tumbled by 4.4%, trading near $3,859. DeFi is particularly sensitive to any negative events in the market. Hence, the entire cryptocurrency market reacted quickly as the hack became public.

Chart 1: YFI Live Price, provided by Coingecko, December 1st, 2025.
After the hack news, leading cryptocurrencies went into a downtrend that started in the last week of November. Bitcoin lost over 4% while Ethereum lost 5%, continuing the decline from late November.
Despite the negative press release, Yearn’s YFI token saw a temporary surge in value immediately after the news of the yETH Token Exploit. This was because of a short squeeze, where traders rushed to exit their short positions on the back of the Yearn hack news, causing the YFI price to temporarily rise. Actually, many traders placed short orders in YFI based on their initial reading of the news and were caught unaware by the exploit.
DeFi Security Under Scrutiny
The Yearn Finance hack has once again raised concerns about the security of DeFi protocols. Yearn Finance stated that the vulnerability was specific to the “unmaintained legacy yETH product,” but the attack has highlighted the potential risks of relying on legacy code. The attacker was able to exploit a vulnerability in the yVault ETH address to drain funds from the platform.
The community has been left reeling from the news, with some questioning the security of DeFi platforms and the use of flash loans. However, it is worth noting that the attacker was able to exploit a known vulnerability in the yVault ETH address, and Yearn Finance had previously stated that it would not be maintaining the legacy yETH product.
Looking Ahead
In the long term, Yearn Finance and other DeFi platforms will likely face greater pressure to scale up their security efforts, as well as to reassess the security of legacy products. DeFi investors and users must also adjust their DeFi strategy, including when it comes to protocol audits, vulnerability testing, and transparency from DeFi platform developers.
Yearn Finance will need to move quickly to assure users and the DeFi community at large that it can recover from this exploit. In the meantime, the stolen funds are still in the hands of the hacker, and with much of the crypto community closely monitoring the situation, we wait to see how Yearn will address the damage from this high-cost exploit.


