
Yearn Finance yETH Pool Exploited via Cached Storage Flaw

1 unique source, 1 article

Summary


An attacker exploited a vulnerability in Yearn Finance's yETH pool on Ethereum, draining approximately $9 million in assets. The flaw stemmed from a desynchronization in the pool's cached storage system, allowing the attacker to mint an excessive amount of yETH tokens after depositing a negligible amount. The exploit involved a complex series of transactions, including flash loans and repeated deposit-withdrawal cycles, to manipulate the pool's virtual balances.

Timeline

  1. 03.12.2025 17:30 · 1 article · 23h ago

    Yearn Finance yETH Pool Exploited via Cached Storage Flaw


Information Snippets

  • The attacker minted 235 septillion yETH tokens after depositing only 16 wei, valued at approximately $0.000000000000000045.

    First reported: 03.12.2025 17:30
    1 source, 1 article
  • The vulnerability was due to a desynchronization in the yETH pool's cached storage system, which failed to reset cached values when the main supply counter was reset to zero.

    First reported: 03.12.2025 17:30
    1 source, 1 article
  • The exploit involved six distinct phases, including borrowing assets through flash loans, polluting virtual balances, and converting stolen assets into ETH.

    First reported: 03.12.2025 17:30
    1 source, 1 article
  • The attacker used various DEXs and Tornado Cash to launder the stolen funds.

    First reported: 03.12.2025 17:30
    1 source, 1 article