Yearn Finance Exploit: Here is What You Need to Know

A major exploit has shaken the DeFi ecosystem as Yearn Finance’s legacy yETH product suffered an infinite-mint attack, allowing an attacker to create trillions of tokens and drain funds from Balancer liquidity pools. 

As the community asks what this means for the protocol and its governance token YFI, understanding the details behind this Yearn Finance exploit is crucial. This article explains everything you need to know—from how the hack happened to the latest market reactions.

How the Infinite-Mint Yearn Finance Exploit Happened

On November 30, 2025, at approximately 21:11 UTC, a malicious wallet executed an infinite-mint exploit on the legacy yETH contract. The attacker minted around 235 trillion yETH in a single transaction, bypassing intended supply rules.

According to blockchain analysts and alert systems such as Nansen, the bug was tied specifically to the yETH token contract, not Yearn’s core V2 or V3 Vault infrastructure. The attacker then deployed several helper contracts—minutes before the exploit—which self-destructed immediately afterward, making on-chain tracking more difficult.

This vulnerability enabled the attacker to convert their newly minted yETH into real assets by draining liquidity from Balancer pools. Early reports estimate that about $2.8 million worth of ETH and Liquid Staking Tokens (LSTs) were taken.

On-Chain Activity: Laundering and Movement of Funds

Following the exploit, blockchain trackers identified a series of high-value transfers involving the stolen assets. Notably:

• Roughly 1,000 ETH was routed through Tornado Cash, a common privacy mixer used to obscure fund flows.

• Several supporting contracts were used during the exploit and quickly self-destructed.

• The attacker executed multiple 100 ETH transfers, spreading the funds across different chains and addresses.

Despite the scale of the attack, Yearn Finance confirmed that V2 and V3 Vaults were not impacted, isolating the vulnerability to an outdated product no longer central to the protocol’s operations.

Yearn’s Total Value Locked (TVL) remained above $600 million, suggesting core infrastructure remained intact and secure.

READ ALSO: Ethereum (ETH) Price Prediction 2025-2027: Can ETH’s Poor Performance Be Cured?

YFI Price Reaction: From Panic to Short Squeeze

Source: Coingecko

Surprisingly, the exploit triggered an unexpected surge in YFI’s price. Shortly after the hack was reported by analysts and social media accounts, YFI moved sharply from $4,080 to over $4,160 within an hour.

This counterintuitive spike was the result of:

• Early panic leading to traders opening aggressive short positions

• Misinterpretation of the exploit as a protocol-wide failure

• Rapid short-covering once it became clear the hack affected only yETH, not Yearn Vaults

Given that YFI’s circulating supply is just 33,984 tokens, the market is notoriously thin. Even modest trading activity can cause large volatility spikes, especially during moments of uncertainty.

Derivatives platforms also recorded high funding volatility, indicating intense short-term speculation immediately after the exploit.

What This Exploit Means for Yearn Finance and DeFi Security

This incident highlights several ongoing concerns within decentralized finance:

Legacy Contracts Remain a Weak Point

The vulnerability was found in a legacy contract (yETH) rather than active Yearn Vaults. This shows how outdated contracts can create systemic risk if not phased out or patched.

Liquidity Pools Are Attractive Targets

Balancer pools provided immediate exit liquidity for the attacker, enabling rapid draining of value. This continues a trend where automated market makers (AMMs) become the first point of impact in exploits.

Mixer Usage Shows Persistence of Laundering Tactics

The attacker’s use of Tornado Cash demonstrates that—even amid regulatory pressure—mixers remain deeply integrated into exploit laundering strategies.

READ ALSO: Ethereum (ETH) Price Prediction November 2025: Can the Bulls Regain Momentum?

Conclusion

The Yearn Finance exploit affecting the yETH product marks one of the largest infinite-mint attacks in recent DeFi history. While roughly $2.8 million in funds were drained, it is important to note that Yearn’s core V2 and V3 Vaults remained secure and unaffected.

The incident triggered volatility across the ecosystem, most notably a short-lived spike in YFI caused by short-covering. As investigations continue, the community awaits an official postmortem and potential governance decisions on recovery measures. The exploit serves as another reminder of the importance of ongoing contract audits, deprecation of legacy systems, and robust security practices in DeFi.

For more in-depth crypto market updates and predictions, check out the latest posts on the Bitrue blog — or explore trading directly on Bitrue’s platform.

FAQ

Was Yearn Finance fully hacked?

No, only the legacy yETH product was affected.

How much money was stolen?

Approximately $2.8 million was drained from Balancer pools.

Were Yearn V2 or V3 Vaults impacted?

No, Yearn confirmed these vaults were unaffected.

Why did YFI’s price go up after the hack?

A short squeeze occurred after traders misinterpreted the exploit as protocol-wide.

Is the attacker identifiable?

Not currently; funds were laundered through Tornado Cash.