Source: CoinEdition
Original Title: Yearn Finance yETH Glitch Triggers $3 Million Drain to Tornado Cash
Original Link: https://coinedition.com/yearn-finance-yeth-exploit-balancer-pool-loss/
The Infinite Mint Vulnerability
An infinite-mint vulnerability in Yearn Finance’s yETH contract triggered a multi-million dollar liquidity drain, forcing the protocol to isolate the affected legacy pool. An attacker exploited the flaw to mint 235 trillion synthetic tokens, immediately swapping the worthless supply for real assets before routing funds to a crypto mixer.
The Exploit Mechanics
The breach originated in the yETH contract, a liquid staking index designed to bundle assets like stETH and rETH. The attacker identified a dormant logic flaw allowing the uncollateralized minting of yETH.
Yearn Finance suffered an attack resulting in a total loss of approximately $9M. The exploit involved minting a near-infinite number of yETH tokens, depleting the pool in a single transaction. Roughly 1,000 ETH (worth approximately $3M) was sent to a crypto mixer, while other stolen assets remain in wallets associated with the exploiter.
The first and most immediate target was a Balancer liquidity pool that supported yETH. Once the inflated supply of tokens entered the pool, it allowed the exploiter to remove real ETH and liquid staking derivatives at scale, pulling value from a pool that previously held nearly $11 million. The initial figures show that roughly $3 million worth of ETH was stolen almost instantly.
yETH’s Role and the Source of the Weakness
The yETH product functions as a liquid staking index, designed to bring together popular ETH staking tokens such as stETH and rETH into a unified asset. However, the recent incident shows that older smart contract logic can still contain dormant weak spots.
Analysts tracking the exploit pointed out that this issue came from a minting flaw present in a previous version of the yETH implementation. With this loophole open, the attacker could create a massive amount of yETH without any collateral.
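The collateral invariant that this flaw broke can be watched for directly. The following is an added example, not taken from the article or from Yearn's code: a monitor that replays per-transaction mint and deposit totals and flags any transaction that leaves the index token's supply unbacked. The `TxEffect` fields, the thresholds, the transaction labels and the sample values are all constructed assumptions.

```python
from dataclasses import dataclass

WEI = 10**18  # amounts are integers in wei to avoid float rounding


@dataclass(frozen=True)
class TxEffect:
    """Net effect of one transaction on the index token (constructed model)."""
    tx: str                  # placeholder label, not a real transaction hash
    minted: int = 0          # index tokens created
    burned: int = 0          # index tokens destroyed
    collateral_in: int = 0   # ETH-equivalent value of staking tokens deposited
    collateral_out: int = 0  # ETH-equivalent value of staking tokens withdrawn


def audit(effects, supply, backing, tolerance_bps=50, max_growth=2):
    """Replay effects in order; return (alerts, final_supply, final_backing).

    Invariant 1: supply may exceed backing by at most tolerance_bps.
    Invariant 2: one transaction may not grow supply more than max_growth times.
    """
    alerts = []
    for e in effects:
        before = supply
        supply += e.minted - e.burned
        backing += e.collateral_in - e.collateral_out
        limit = backing * (10_000 + tolerance_bps) // 10_000
        if supply > limit:
            alerts.append((e.tx, "undercollateralized"))
        if before > 0 and supply > before * max_growth:
            alerts.append((e.tx, "supply_spike"))
    return alerts, supply, backing


# Constructed sample: two ordinary transactions, then a mint of 235 trillion
# tokens (the figure reported in the article) backed by almost no collateral.
SAMPLE = [
    TxEffect("tx-1", minted=100 * WEI, collateral_in=100 * WEI),
    TxEffect("tx-2", burned=50 * WEI, collateral_out=50 * WEI),
    TxEffect("tx-3", minted=235 * 10**12 * WEI, collateral_in=16 * WEI),
]

if __name__ == "__main__":
    found, _, _ = audit(SAMPLE, supply=10_000 * WEI, backing=10_000 * WEI)
    for tx, reason in found:
        print(f"ALERT {tx}: {reason}")
```

Once the invariant is broken it stays broken, so every later transaction is also flagged as undercollateralized until backing is restored; that persistence is useful as a signal for pausing dependent pools.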
Once the pool lost its backing, the attacker began to break the stolen ETH into smaller parts. Around 1,000 ETH, equal to roughly $3 million, moved into a crypto mixer in progressive batches. The crypto mixer obscures transaction paths, which makes following the trail difficult for on-chain investigators. Blockchain records confirm this process started moments after the exploit and continued in steady intervals.
Other assets taken during the attack still remain in wallets associated with the exploiter, with early assessments showing several million dollars in value yet to move.
Yearn Finance Responds and Assesses Damage
Yearn Finance announced that the exploit sits entirely within the yETH pool and does not touch its V2 or V3 Vaults. These vaults control significantly more capital, which prevented the incident from becoming a far more severe event. The protocol states that its core vaults remain fully protected and unaffected by the flaw.
The team has begun a deeper technical review supported by external security groups to understand the full extent of the exploitation. Early assessments indicate that the loss may reach about $9 million when all affected pools are counted, though the immediate confirmed drain sits closer to $3 million.