On Monday, the DeFi (Decentralized Finance) protocol Yearn Finance suffered a loss of $9 million due to an attack by an unknown party.
On-chain data shows that the attack targeted StableSwap, a custom pool for trading Liquid Staking Derivative tokens.
The attacker exploited a bug in the yETH smart contract to inflate the token supply while maintaining the price index.
As a result, attackers were able to mint tokens infinitely. Hackers exploited this vulnerability to steal 235 trillion yETH out of thin air.
With an unlimited supply, the hackers targeted the StableSwap pool, which initially held $11 million worth of liquid staking tokens (LST).
According to a PeckShieldAlert report on X on 01/12/2025, approximately 1,000 ETH (around $3 million) was stored in Tornado Cash. Meanwhile, the attackers now hold crypto worth $6 million.
The Yearn team confirmed this attack via an X post on 01/12/2025. They emphasized that the attack was caused by a weakness in the Yearn Ether (yETH) product code.
The affected smart contract was a custom version of the popular stableswap code that is unrelated to other product protocols. The developer team ensured that Yearn V2 and V3 remain secure.
However, investor confidence in Yearn immediately declined. At the time of writing, YFI is valued at $3,609, falling 6% in the last 24 hours.
This is not the first time Yearn has been attacked. In 2021, an unknown party withdrew $2.8 million from the yDAI v1 pool. Meanwhile, in December 2023, the protocol lost $1.4 million (equivalent to 63% of its treasury) due to issues in a multi-signature transaction.
The incidents targeting Yearn highlight the importance of portfolio diversification to minimize the risk of loss. Never invest all your funds in a single asset.
Additionally, it is crucial to conduct thorough research before choosing a protocol. Both beginner and professional investors should apply DYOR (Do Your Own Principles) principles before making a decision. Learn how in the article What is DYOR: Definition, Why It’s Important, and How to Apply It in Cryptocurrency.
