The yETH product under Yearn Finance has encountered issues. Attackers found a vulnerability in the minting mechanism that allowed them to almost infinitely mint yETH tokens.



This operation is ruthless — a single transaction directly drained the liquidity pool, netting around 1000 ETH. Based on the market at that time, that's about 3 million dollars. What's even crazier is that some of the stolen funds have already entered the Tornado Cash mixer.

The traces left on the chain show that the attacker deployed several new contracts to carry out the attack, and immediately self-destructed to destroy the evidence after succeeding. Currently, Yearn's official team has confirmed that they are investigating the situation of yETH LST, but the specific loss amount has not been fully accounted for yet. This type of attack method that exploits minting vulnerabilities is not new in the DeFi space, but it still causes significant impact every time it occurs.
SchrodingerWalletvip
· 36m ago
Another smart guy found a minting vulnerability, and DeFi still has to continue paying tuition fees. Yearn really disappointed this time, losing 3 million dollars just like that, and even self-destructing evidence, truly ruthless. When will the entire ecosystem be properly audited? Is the audit report just a blank piece of paper? How can we not prevent such an infinite minting hole? I really don’t understand. Went to Tornado Cash, now we have to watch the off-chain story, really annoying. The contract review should be put on the agenda, right? It's already like this.
FallingLeafvip
· 12-01 17:22
Did Yearn crash again? This minting vulnerability is really unbelievable, who can withstand infinite money printing? --- 3 million just disappeared like that, and it has to go into the mixing machine for money laundering, this technique is indeed skilled. --- Every time they say an investigation, the loss numbers haven't been counted clearly yet, it's ridiculous. --- This set of minting attacks in DeFi really needs to be changed, when will they learn their lesson? --- A thousand ETH drained directly, what is Yearn's security audit doing? --- This mixing operation by Tornado Cash has made on-chain case-solving even more difficult. --- The contract self-destructs to destroy evidence, this attacker is quite sophisticated, the level of professionalism is extraordinary. --- Another LST has issues, it's really bold to invest in such things. --- Yearn is going to suffer a lot this time, and yETH's reputation is likely to drop significantly. --- The infinite minting vulnerability, how can such mistakes still be made in 2024?
GhostChainLoyalistvip
· 12-01 01:30
Here we go again, Yearn is in trouble... This time the scale is really big, when will the infinite minting trap be completely eradicated? Old tricks, new harm, that's how DeFi keeps messing with people. 3 million just evaporated like that, and the dirty money ran into the mixing pool... You can't hide anything on-chain after all. The operation of self-destructing contracts to eliminate evidence, hackers these days are getting more and more professional. Another project party is going to feel the pain in their Wallet, when will we be able to conduct proper audits? Tornado Cash has come through again, it’s always involved. After so many years still stepping into the minting trap, why is DeFi security so difficult? Cutting corners on audit fees? Only learning the hard way after being attacked. Every time we say we’ve learned our lesson, and what happens...
ReverseTradingGuruvip
· 11-30 23:42
Here we go again? Yearn is bleeding quite a bit this time... --- 3 million dollars just vanished like that, and they still have to wash the coins, this guy really dares to play --- Minting vulnerabilities have appeared again, can DeFi audits be a bit more reliable? --- Tornado Cash is obviously for professional players, it will be tracked across the network --- Unlimited minting? Isn't this a money printer? How is the contract code written? --- Self-destructing contracts to destroy evidence, the technique is indeed skilled, but unfortunately, they still got caught --- Another Crisis of Confidence in the ecosystem, Holdings holders are probably smashing their keyboards right now --- This kind of thing keeps happening, DeFi really should consider multi-signature + time locks.
OneBlockAtATimevip
· 11-30 23:42
Another minting vulnerability, Yearn really messed up this time. Yearn really needs to review the code properly, this happens time and again... 3 million dollars just disappeared like that, and money laundering happened, bull. The pits of DeFi can never be filled, right? Unlimited minting? Isn't this just a printing machine? Haha. Well, another reason not to touch LST.
BloodInStreetsvip
· 11-30 23:38
Another value pit hits the head... Yearn really makes people want to buy the dip but can't, 3 million dollars evaporated directly, this is a true 50% Slump.
CommunityWorkervip
· 11-30 23:34
Another minting vulnerability, Yearn is playing a bit too big this time. 3 million just disappeared like that, and it has to be Money Laundering to dare to spend it, why bother? When will Yearn learn to write secure contracts?
BlockchainDecodervip
· 11-30 23:25
From a technical perspective, this is yet another classic design flaw in the minting mechanism. Data shows that over 60% of security incidents in DeFi stem from such vulnerabilities. It is worth noting that the technique of attackers deploying multiple disposable contracts and then immediately destroying them has become a standard practice, with Tornado mixing being just a routine operation. Based on the following points: the withdrawal of 1000 ETH indicates that there are indeed design flaws in liquidity management, but the scale of the 3 million loss is relatively controllable; the key is how Yearn will fix it afterward. Citing several audit reports from last year, the insufficient separation of minting authority has always been a common issue for LST products. The essence exposed by this incident lies not in the novelty of the attack methods but in why such obvious risks in capital flow were not captured during the early stages of the audit. In summary, it still depends on how Yearn will respond to emergencies and what compensation plans will be implemented.
RektButAlivevip
· 11-30 23:22
Another one? Yearn is going to lose a lot this time --- Tornado Cash is in the spotlight again, this trick is really familiar --- The infinite minting vulnerability has lasted this long, what is the auditing team doing? --- 3 million dollars just gone, this is the thrill of DeFi --- Self-destructing contracts to destroy evidence, this hacker is quite professional --- Every time they say it's been audited, every time something goes wrong, it's really absurd --- Yearn, you need to step up, or your trust level will be gone --- 1000 ETH in one shot, I just want to know how this vulnerability was found --- As soon as I use the mixer, I know this guy has experience
NFTArchaeologistvip
· 11-30 23:20
Here comes another one, it's always like this, the same old routine, brother. Yearn has been clipped again, the minting vulnerability allows for unlimited entry, ridiculous. The contract had vulnerabilities that should have been checked long ago, and now it's only just being realized, it's really hard to hold on. That's why I never touch LST, too many pitfalls.