Yearn Finance Hit by $9M DeFi Exploit, Recovers $2.39M pxETH

CN

Yearn Finance, the decentralized finance (DeFi) yield aggregator, has confirmed a security incident involving a custom yETH stableswap pool that resulted in approximately $9 million in total losses. The exploit, which occurred at 16:11 EST on Nov. 30, involved the unauthorized minting of a large amount of yETH. Crucially, Yearn stated that the impacted contract is a custom version of popular stableswap code and is entirely unrelated to other Yearn products.

In an update shared on X, the protocol confirmed that the main Yearn V2 and V3 vaults are not affected by this specific vulnerability. An initial analysis indicated the attack primarily targeted two areas: the yETH Stableswap Pool, with a direct impact of about $8 million, and the yETH-WETH Stableswap Pool on Curve, where approximately $0.9 million was siphoned.

Yearn said it moved quickly to form a joint “war room” with security partners, including the white-hat hacking collective SEAL911 and the yETH audit partner, ChainSecurity, to conduct a full post-mortem investigation.

According to the Yearn team, preliminary indications point to this being a highly sophisticated attack.

“Initial analysis indicated this hack has a similar high complexity level to the recent Balancer hack, so please bear with us as we perform the post-mortem analysis. There is no other Yearn product using similar code to what was impacted,” the team affirmed, seeking to reassure users of its core vaults.


The team also stressed its commitment to taking security seriously and promised to integrate all lessons learned from the incident into its future protocol development. The team directed any users impacted by the event to open a support ticket on its Discord channel for assistance.

Meanwhile, in a later update, Yearn claimed to have recovered 857.49 pxETH (Dinero Staked ETH) valued at $2.39 million. The recovery was achieved with the assistance of the Plume and Dinero teams, who are associated with the institutional liquid staking token used in the affected pool.

  • What happened to Yearn Finance? A custom yETH stableswap pool exploit caused about $9 million in losses on Nov. 30.
  • Are Yearn’s main vaults affected? Yearn confirmed V2 and V3 vaults are safe and unrelated to the impacted contract.
  • Which pools were targeted? The attack hit the yETH Stableswap Pool (~$8M) and the yETH-WETH Pool on Curve (~$0.9M).
  • How is Yearn responding? A joint war room with SEAL911 and ChainSecurity is investigating this highly complex hack.
