Yearn Finance faced a serious attack on the yETH product, as a result of which the attacker managed to withdraw about a thousand ETH — nearly 3 million dollars — exploiting a vulnerability in the stable swap pool's operation. The exploit allowed in one action to create an almost infinite amount of yETH, quickly cash out liquidity, and partially cover tracks through Tornado Cash. Before the incident, the pool had about 11 million dollars, however, the main repositories of Yearn Finance — V2 and V3 — were not affected.

As blockchain data shows, the attack was built on a series of new smart contracts created solely for rapid execution and subsequent self-destruction. This scheme helped the attacker inflate the supply of yETH, withdraw assets, and remove critically important transaction traces. A representative of Yearn Finance confirmed the fact of the hack, emphasizing that the damage is limited only to the LST pool, and the key infrastructure of the service remains secure.