Yearn Finance yETH Hack: How Token Price Manipulation Drains $9M?

Latest Yearn Finance yETH Hack: Facts, Timeline, Loss, Method & Impact

The Yearn Finance yETH Hack the latest victim of a complex exploit that shook the crypto community to its core. This is a straightforward, human-understandable breakdown of what was lost and why this is important.

What Happened?

On November 30, 2025, a well-known yield aggregator in DeFi, Yearn Finance, suffered an unanticipated exploit of its yETH vault. The hacker found out that there was a vulnerability in the pricing and accounting system of the vault and exploited it to compromise the system.

Rather than attacking smart contracts directly, the attacker used the method the vault used to compute the value of deposits, withdrawals, and token conversions. This enabled them to empty their pockets without raising any red flags in the underlying contract.

What came out was an abrupt and suspect motion of tokens that sounded like red flags. In a few minutes, it was obvious that the vault was breached, and Yearn security cameras detected the unusual activity. Source: Wu Blockchain

What Did the Attacker Do?

The attacker developed a well-coordinated circle to create an artificial profit within the yETH vault. Their actions included:

• Placing the manipulated ETH-based assets in the yETH.

• Cashing in on overvalued pool tokens.

• The repetition of vault operations increases the imbalance.

• Taking away more money than they had deposited.

In short, they fooled the system into believing that their tokens were priced higher than they were. Such fake tokens were then traded with real assets in the liquidity pool.

After the pool drained, the attacker moved a portion of the stolen funds to Tornado Cash, a crypto-mixing service that is frequently employed to conceal the trail of transactions.

This was not a quick, random hack. It was a carefully planned exploit that used DeFi mechanics rather than traditional code vulnerabilities.

How Much Money Was Lost?

The loss has been estimated to be around $9 million according to the official statement of Yearn and on-chain data.

• The yETH stableswap pool was emptied to the tune of $8 million.

• Approximately $900,000 was stolen out of the Curve yETH-WETH pool.

• Already, at least 1,000 ETH, which is approximately $3 million, has been laundered via Tornado Cash.

While early reports suggested a smaller amount, further analysis confirmed the broader scale of the damage.

How Did the Attack Work?

The exploit worked by manipulating the vault’s share price and internal token ratios. Here’s the simplified explanation:

• The attacker employed flash loans or massive liquidity flows to manipulate the prices of tokens in a liquidity pool.

• They were depositing the tokens of inflated values into the yETH.

• These deposits were genuine profit calculated by the vault.

• The miscalculation was used by the attacker to withdraw more real ETH than they had deposited.

• This was repeated several times to drain the maximum.

This is what is referred to in DeFi as a price or oracle manipulation exploit; however, in this instance, it was the internal accounting system that was fooled.

What Was NOT Affected?

Yearn stressed that the incident was isolated.

The following were not impacted:

• Other Yearn vaults remained safe

• The core Finance smart contracts were not breached

• User wallets and external protocols were untouched

• No private keys or personal user data were compromised

Why Does This Matter?

This exploit highlights how complex DeFi systems can be vulnerable, even without a direct contract bug. It reminds the ecosystem that:

• Smart contract security is more than code auditing

• Pricing models and token interactions must be continuously tested

• Flash loans amplify potential risks

• User funds in DeFi are exposed to innovative attack vectors

The incident also emphasizes the importance of rapid response, transparency, and community communication—areas where Yearn Finance acted quickly to limit damage.

Conclusion

This latest crypto hack news exposes the dangers of untested custom code in DeFi. While the damage was limited to one pool, the incident reinforces the need for stronger audits and secure design.

Disclaimer: This article is for informational purposes only and does not constitute financial advice.