DeFi Exploit Drains $9 Million from Yearn Finance
Summary
A critical exploit targeting Yearn Finance's yETH pool on Ethereum has resulted in the theft of approximately $9 million. The attack abused a flaw in the protocol's internal accounting, where a cache containing calculated values to save on gas fees was never cleared when the pool was emptied. The attacker minted an astronomical number of tokens—235 septillion yETH—while depositing only 16 wei, worth approximately $0.000000000000000045. This represents one of the most capital-efficient exploits in DeFi history. The exploit highlights the risks associated with gas optimization techniques in DeFi protocols and the potential for significant financial losses due to unaddressed vulnerabilities.
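The stale-cache failure described above, as an added Python sketch that is not Yearn's code and not part of the original report. The toy pool, its method names and its mint formula are assumptions; it shows a cached valuation that survives emptying beside the hardened reset, plus an invariant check that flags the mismatch.

```python
class CachedPool:
    """Constructed toy pool; a simplification, not Yearn's yETH contract."""

    def __init__(self, reset_cache_on_empty):
        self.reset_cache_on_empty = reset_cache_on_empty
        self.assets = 0        # wei actually held by the pool
        self.supply = 0        # pool tokens outstanding
        self.cached_value = 0  # cached pool valuation, kept to avoid recomputing

    def recompute_value(self):
        # Stand-in for the expensive calculation the cache is meant to avoid.
        return self.assets

    def cache_is_consistent(self):
        # Invariant a test suite or monitor can check after every state change.
        return self.cached_value == self.recompute_value()

    def deposit(self, amount):
        if amount <= 0:
            raise ValueError("deposit must be positive")
        prev = self.cached_value  # trusted without recomputation
        if self.supply == 0:
            minted = prev + amount  # empty pool: tokens track pool value
        else:
            minted = self.supply * amount // prev
        self.assets += amount
        self.supply += minted
        self.cached_value = prev + amount
        return minted

    def withdraw(self, tokens):
        if not 0 < tokens <= self.supply:
            raise ValueError("invalid token amount")
        payout = self.assets * tokens // self.supply
        self.assets -= payout
        self.supply -= tokens
        if self.supply > 0:
            self.cached_value -= payout
        elif self.reset_cache_on_empty:
            self.cached_value = 0  # hardened: clear derived state with the pool
        return payout


def scenario(reset_cache_on_empty):
    pool = CachedPool(reset_cache_on_empty)
    pool.withdraw(pool.deposit(10**18))      # fill the pool, then empty it
    consistent = pool.cache_is_consistent()  # checked while the pool is empty
    return pool.deposit(16), consistent      # 16 wei, the deposit size on the page
```

With the reset disabled, the 16 wei deposit mints tokens sized by the leftover cache rather than by the deposit, and the invariant check already fails while the pool is empty.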
Timeline
- 04.12.2025 13:58 · 1 article
DeFi Exploit Drains $9 Million from Yearn Finance
Sources:
- ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories — thehackernews.com — 04.12.2025 13:58
Information Snippets
- The exploit targeted Yearn Finance's yETH pool on Ethereum, resulting in the theft of approximately $9 million.
  First reported: 04.12.2025 13:58 · 1 source, 1 article
- The attack abused a flaw in the protocol's internal accounting, where a cache containing calculated values to save on gas fees was never cleared when the pool was emptied.
  First reported: 04.12.2025 13:58 · 1 source, 1 article
- The attacker minted 235 septillion yETH tokens while depositing only 16 wei, worth approximately $0.000000000000000045.
  First reported: 04.12.2025 13:58 · 1 source, 1 article
- This exploit is considered one of the most capital-efficient in DeFi history.
  First reported: 04.12.2025 13:58 · 1 source, 1 article