Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to PeckShieldAlert on X, Yearn Finance suffered an attack in which the hacker drained the liquidity pool by infinitely minting yETH, causing losses of roughly $9 million. Approximately 1,000 ETH (about $3 million) was transferred to Tornado Cash, while the attacker’s address still holds around $6 million worth of crypto assets. On December 1, according to PeckShield’s monitoring, Yearn recovered 2.4 million USD by burning the pxETH held by the hacker. An equivalent amount of pxETH has been re-minted and returned to the Redacted Cartel multisig wallet. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 9,000,000.
- chain
- —
- protocol
- Yearn Finance
- bug_class
- logic
- date_occurred
- 2025-11-30
- loss_usd
- $9,000,000
- source_id
- sm:yearn-finance::2025-11-30