Back
Yearn Finance Recovers $2.4 Million Lost to Smart Contract Bug

Yearn Finance Recovers $2.4 Million Lost to Smart Contract Bug

Yearn Finance outlines the Nov. 30 exploit that led to $9M in losses, with partial recovery and security upgrades to protect yETH depositors.

Summary

Yearn Finance confirmed its yETH Weighted Stableswap Pool was exploited on Nov. 30 due to a vulnerability allowing attackers to mint unlimited LP tokens, resulting in approximately $9 million stolen. The protocol has recovered 857.49 pxETH—around one quarter of the stolen funds—and plans to distribute the recovered assets to yETH depositors. Security fixes have been implemented to prevent similar exploits.

Terms & Concepts
  • DeFi: Short for decentralized finance, an ecosystem of blockchain-based financial services without traditional intermediaries.
  • Smart Contract: Self-executing blockchain code that runs automatically when predetermined conditions are met.
  • yETH Weighted Stableswap Pool: A Yearn Finance liquidity pool combining Ether-backed assets with stablecoins, using weighted swap mechanics vulnerable in this case to exploitation.