Yearn's yETH Stableswap Pool Exploited for $9 Million in Complex Attack
Yearn's yETH Stableswap Pool Exploited for $9 Million in Complex Attack
💸 Yearn's $9M Problem
Yearn Finance suffered a $9 million exploit on November 30 at 21:11 UTC targeting the yETH stableswap pool.
Damage breakdown:
- $8M lost from the impacted stableswap pool
- $0.9M from the yETH-WETH pool on Curve
- Total: $9 million
The attack involved minting large amounts of yETH through a vulnerability in custom stableswap code. Yearn V2/V3 vaults remain unaffected and secure.
Response efforts:
- War room activated with SEAL911 and ChainSecurity
- Full postmortem investigation underway
- Complexity similar to recent Balancer hack
Yearn emphasized that no other products use similar code to the exploited contract. The team is conducting thorough analysis and will implement lessons learned.
Affected users can seek assistance through Yearn's Discord support. The protocol maintains detailed security documentation covering audit history and vulnerability disclosure processes.
At 21:11 UTC on Nov 30, an incident occurred involving the yETH stableswap pool that resulted in the minting of a large amount of yETH. The contract impacted is a custom version of popular stableswap code, unrelated to other Yearn products. Yearn V2/V3 vaults are not at risk.
We are investigating an incident involving the yETH LST stableswap pool. Yearn Vaults (both V2 and V3) are not affected.
Yearn Finance Recovers $2.39M in Coordinated yETH Asset Recovery Operation
**Yearn Finance successfully recovered 857.49 pxETH worth $2.39 million** through a coordinated effort with Plume and Dinero teams. **Key Details:** - Recovery operation targeted yETH-related assets - Transaction confirmed on Ethereum blockchain - **Recovery efforts continue actively** - All recovered assets will be returned to affected depositors **Important Security Note:** Users should remain vigilant against impersonators claiming to represent Yearn Finance. The recovery represents significant progress in addressing the exploit damage, with ongoing efforts to retrieve additional funds for affected users.
Yearn Confirms Safety of Curated Morpho Vaults After yETH Investigation
**Yearn has confirmed that its Curated Morpho vaults remain secure** following an investigation into the yETH LST stableswap pool incident. Key safety confirmations: - **yETH/st-yETH tokens were not used as collateral** on any markets - All Curated Morpho vaults are operating normally - No user funds in these vaults were at risk This follows earlier reports of an incident involving the yETH LST stableswap pool, which prompted the investigation. **Yearn's V2 and V3 vaults were already confirmed as unaffected** by the initial incident. The confirmation provides clarity for users of Yearn's Morpho integration, ensuring that collateral exposure was limited and vault operations continue without disruption.
Yearn-Curated Term Labs USDS Vault Delivers 6% Average Yield
**Yearn's new USDS vault through Term Labs is gaining traction**, offering depositors an average **6% yield** through a dual-strategy approach. The vault operates by: - Earning **7.5% APY** on ~69% of deposits through fixed-rate lending - Generating **4.8% APY** on remaining funds via Yearn's USDS vault - Providing additional **Cap Money points** on collateral Term Labs uses **sealed-bid auctions** every ~4 days to match lenders with borrowers seeking loans against blue-chip collateral. Currently serving a **$445K USDS loan** for 45 days at 7.5% annualized rate, backed by fixed-duration cUSD collateral. **Idle funds aren't wasted** - they're automatically allocated to Yearn's USDS vault until the next auction, maximizing yield efficiency. Yearn's DAI-2 vault also participates by converting DAI to USDS at 1:1 ratio before depositing into the Term strategy.
🎙️ Yearn Partners Host Twitter Space on Making DeFi Cypherpunk Again
**Yearn Finance** is hosting a Twitter Space discussion focused on bringing **transparency, security, and better risk practices** back to DeFi markets. The conversation centers around the question: *How do we make DeFi Cypherpunk again?* **Featured Partners:** - @LiquityProtocol - @asymmetryfin The discussion aims to address current challenges in decentralized finance and explore solutions for returning to DeFi's original principles of transparency and security. [Set a reminder for the Twitter Space](http://x.com/i/spaces/1vAGR)