An infinite-mint vulnerability in Yearn Finance’s yETH contract triggered a multi-million dollar liquidity drain Sunday, forcing the protocol to isolate the affected legacy pool. An attacker exploited the flaw to mint 235 trillion synthetic tokens, immediately swapping the worthless supply for real assets before routing funds to mixer Tornado Cash.
An infinite-mint vulnerability in Yearn Finance’s yETH contract triggered a multi-million dollar liquidity drain Sunday, forcing the protocol to isolate the affected legacy pool. An attacker exploited the flaw to mint 235 trillion synthetic tokens, immediately swapping the worthless supply for real assets before routing funds to mixer Tornado Cash.
The breach originated in the yETH contract, a liquid staking index designed to bundle assets like stETH and rETH. The attacker identified a dormant logic flaw allowing the uncollateralized minting of yETH.
The first and most immediate target a Balancer liquidity pool that supported yETH. Once the inflated supply of tokens entered the pool, it allowed the exploiter to remove real ETH and liquid staking derivatives at scale, pulling value from a pool that previously held nearly $11 million. The initial figure shows that roughly $3 million worth of ETH was stolen almost instantly.
The yETH product functions as a liquid staking index, designed to bring together popular ETH staking tokens such as stETH and rETH into a unified asset. However, the recent incident shows that older smart contract logic can still contain dormant weak spots.
Analysts tracking the exploit pointed out that this issue came from a minting flaw present in a previous version of the yETH implementation. With this loophole open, the attacker could create a massive amount of yETH without any collateral.
Once the pool lost its backing, the attacker began to break the stolen ETH into smaller parts. Around 1,000 ETH, equal to roughly $3 million, moved into Tornado Cash in progressive batches.
The crypto mixer obscures transaction paths, which makes following the trail difficult for on-chain investigators. Blockchain records confirm this process started moments after the exploit and continued in steady intervals.
Other assets taken during the attack still remain in wallets associated with the exploiter, with early assessments showing several million dollars in value yet to move.
Yearn Finance that the exploit sits entirely within the yETH pool and does not touch its V2 or V3 Vaults. These vaults control significantly more capital, which prevented the incident from becoming a far more severe event. The protocol states that its core vaults remain fully protected and unaffected by the flaw.
The team has begun a deeper technical review supported by external security groups to understand the full extent of the exploitation. Early assessments indicate that the loss may reach about $9 million when all affected pools are counted, though the immediate confirmed drain sits closer to $3 million.
