• yETH exploit bled around 1,000 ETH worth around $3 million.
• Attack used self-destructing contracts to inflate yETH supply and erase transactional traces.
  Pool had around 11 million dollars before the attack, and the core vaults and V2/V3 systems are secure.

Yearn Finance’s yETH product suffered a major exploit that drained millions in liquid staking tokens after an attacker minted what appeared to be near-infinite yETH in one transaction. The breach allowed the exploiter to withdraw roughly 1,000 ETH, worth nearly $3 million, before partially masking movements through Tornado Cash.

Data from the blockchain reveals that the attack utilized several newly created smart contracts that were meant for fast action and self-destruction. These smart contracts were used for inflating the yETH supply, extracting liquidity, and eliminating vital traces. It is reported that the pool contained around 11 million dollars at the time of the incident.

Yearn Finance has confirmed that it suffered a breach, though it clarified that it only affected the LST stableswap pool and that its core vaults are secure. In fact, the core systems of V2 and V3 are still unaffected, and the team is still trying to assess what exactly transpired.

Complex DeFi Layers Amplify yETH Vulnerabilities

The​‍​‌‍​‍‌ hacked was first covered by X user Togbe, who told The Block that they saw the suspicious assault as they were following big transactions. In a message, Togbe said, “On-chain transfers suggest a yETH super mint was the main tool the attacker used to empty the pool, thus earning close to 1,000 ETH. A little part of the ETH was thrown away to the side as well, but they still made a ​‍​‌‍​‍‌profit.”

Security analysts believe that this incident is part of an increasing number of DeFi-related vulnerabilities that are escalating into 2025. Data indicates that over $127 million has been lost due to hacking, scamming, and exploits in just the month of November. Vulnerabilities in smart contracts have been identified as the current leading systemic risk in DeFi, surpassing phishing and attacks on wallets.

Also Read | Shiba Inu 2026 Prediction: Analyst Sees Massive Parabolic Rally Ahead

Self-Destructing Contracts Indicate Increasing Sophistication 

Recent attacks share consistent patterns, especially the coordinated use of self-destructing contracts to remove transactional evidence. Self-destruction contracts allow attackers to create complicated step attacks and destroy them on the blockchain, making it less traceable. Then, money is laundered through Tornado Cash.

According to security analysts, DeFi’s growth in innovation still outpaces classical security measures. The Yearn Finance breach underscores the urgent need for stricter testing, continuous monitoring, and adaptable defenses capable of countering increasingly agile exploit frameworks across the ecosystem.

Also Read | Kusama (KSM) Forecast 2025: Could KSM Skyrocket to $19.06?