Yearn Finance has suffered a serious security breach after an attacker managed to mint what amounted to an unlimited supply of yETH tokens, exploiting a flaw that ultimately drained an estimated $9 million from the protocol.
The incident marks one of Yearn’s most disruptive exploits in recent years and immediately reignited concerns around smart-contract risks in legacy DeFi infrastructure.
Early analysis from on-chain investigators shows that the attacker targeted a vulnerability inside one of Yearn’s older vault contracts, manipulating the system’s internal accounting to create an “infinite mint” environment.
At 21:11 UTC on Nov 30, an incident occurred involving the yETH stableswap pool that resulted in the minting of a large amount of yETH. The contract impacted is a custom version of popular stableswap code, unrelated to other Yearn products. Yearn V2/V3 vaults are not at risk.
— yearn (@yearnfi) December 1, 2025
By generating a massive amount of synthetic yETH at virtually no cost, the exploiter was able to swap the tokens for real assets and siphon value across multiple liquidity pools before the abnormal flows were detected.
The Yearn team moved quickly to pause affected components and begin an internal investigation, while security researchers worked to trace the path of the stolen funds. Although the exploit was contained to a specific legacy contract and did not impact newer vaults, the event has renewed conversations within the DeFi community about the long-term maintenance of older smart-contract systems that still hold meaningful liquidity.
Market reaction was immediate, with Yearn-related assets experiencing volatility as traders assessed whether the exploit posed systemic risks. Developers emphasized that user funds in active, up-to-date vaults remain safe, but acknowledged that recovering the stolen assets will depend on negotiations with the attacker or cooperation across exchanges and on-chain enforcement tools.
The Yearn Finance exploit serves as a reminder that even established DeFi protocols remain vulnerable to sophisticated attacks if older code is not continuously audited, upgraded, and phased out. As investigations continue, the community now awaits a detailed post-mortem that will outline the technical root cause, patch measures, and the protocol’s path toward restoring confidence after the $9 million breach.
