[Coin World] Yearn Finance can finally breathe a sigh of relief: following last week's attack on the old version of the yETH pool, it has successfully recovered nearly 2.4 million dollars.
Here's the situation: a hacker targeted an old, rarely used pool and exploited arithmetic-level vulnerabilities to mint tokens at will, printing almost as many as desired. As a result, the pool's liquidity was completely drained, with total losses estimated at nearly 9 million dollars.
The good news is that Yearn officials emphasize the incident was limited to that legacy pool, and the V2 and V3 vaults were completely unaffected. The recovered funds will be returned to the affected users through the original channel, and a security company assisted and cooperated throughout the tracing process.
The incident is another reminder: in the DeFi world, old code and abandoned contracts can become ticking time bombs. Even for leading protocols, security maintenance of legacy products should not be taken lightly.
SerLiquidated
· 2h ago
Old pools really are a trap; it feels like it's always these obscure corners where things go wrong.
Recovering 2.4 million is not bad, but a 9 million hole is still pretty nerve-wracking.
Luckily this time it didn’t affect V2 and V3, otherwise it would’ve been a disaster.
With code, you think something is secure but it’s still ticking away like a time bomb.
Yearn handled this round decently, at least they managed to recover some funds. If it were some other protocols, they would’ve run off long ago.
Leaving old code there is like a ticking time bomb, every day you’re just betting it won’t blow up.
GasWastingMaximalist
· 4h ago
Recovering 2.4 million is still too little. How can you fill a 9 million hole like this?
---
It's the old pool's fault again. Can't these zombie contracts just be taken offline directly?
---
You also have to guard against top protocols; that's the scariest part.
---
Seriously? Even basic arithmetic vulnerabilities can slip through?
---
As long as V2 and V3 are fine, otherwise this time it's really bankruptcy.
---
They promised a refund, but how long do we actually have to wait, guys?
---
It's always "old code causing trouble." Why not just clean it all up directly?
---
9 million turned into 2.4 million. Where's the rest of the money? How do you account for this?
---
It's already good if the security firm can recover any of it; the real worry is hackers who got away.
---
DeFi really is full of landmines—one wrong step and it blows up.
OptionWhisperer
· 12-01 23:10
Recovering 2.4 million is still not bad, but a 9 million hole is so big, right?
Old pools are indeed prone to accidents, who still remembers those contracts that have long been neglected...
Yearn got lucky this time; if V2 and V3 had also fallen, it would really be over.
DeFi is just like that, there are always people watching your historical debts.
The lesson this time is: don't think about a one-time fix, old code needs regular check-ups just like people.
ShibaMillionairen't
· 12-01 23:09
To be honest, this is exactly what I'm worried about: the old traps are not cleared and new ones are coming in.
Even if we recover it, what about the remaining 6.6 million?
All the top protocols are like this, who can still feel at ease?
Arithmetic vulnerabilities and such basic errors are really ridiculous.
Fortunately, it's just an old pool, otherwise it would be a disaster.
We need to learn from this operation, so we don't get trapped again next time.
AirdropHunterXiao
· 12-01 23:09
Recovering 2.4 million is not bad, but filling a hole of 9 million feels a bit strange.
Not cleaning out the old pool will really cause problems; it should have been taken offline long ago.
Yearn got lucky this time; not having V2 or V3 collapse is the biggest fortune.
There are still many rat trading schemes in Decentralized Finance; you need to be careful.
Abandoned contracts are really hidden bombs, who doesn't have a few at home?
FreeMinter
· 12-01 23:04
Recovering 2.4 million is not bad, but how to fill the 9 million hole? I always feel uneasy in my heart.
Old pools are just a mess; they should have been cleaned up long ago.
Well, as long as V2 and V3 are fine; otherwise it would really blow up.
That's how Decentralized Finance is: there are pitfalls everywhere in the details, so one must always stay alert.
Yearn reacted quite quickly this time; otherwise, others would have already done a rug pull.
SilentAlpha
· 12-01 23:04
Old pools like this are really a hidden danger; they must be cleaned up quickly.
Recovering 2.4 million is not bad, but we need to be more attentive.
Abandoned contracts are like time bombs, whoever touches them is doomed.
Even top projects can't avoid the pitfalls of old code. Speechless.
At least it didn't affect V2 and V3; otherwise it would have really exploded.
The hacker's moves are like a money printing machine.
Well, another lesson: old projects should be carefully checked.
Is recovering enough? We need to reflect on this.
HodlTheDoor
· 12-01 22:55
Recovering 2.4 million is still good, but a loss of 9 million is still a bit painful.
Old pools really are a hidden danger; they must be cleaned up quickly.
Yearn's response this time is relatively fast, unlike some projects that directly blacklist.
Thinking back to how many abandoned contracts were left unmanaged, it turns out there is no absolute safety.
This time we need to let the community remember, don't just focus on new products, but also check the old code.
Yearn Finance recovers $2.4 million: Old yETH pool suffers from arithmetic vulnerability attack