$3 Million Drained From Yearn Finance’s yETH LST Stableswap Pool

Yearn Finance’s yETH token aggregates liquid staking derivatives such as stETH, offering users a diversified exposure to Ethereum’s proof‑of‑stake rewards. By routing yETH through a Curve stableswap pool, the protocol enables low‑slippage swaps between yETH and native ETH, a feature that has attracted significant capital from yield farmers and institutional participants. The pool’s design relies on a dynamic exchange rate that adjusts share values based on underlying asset balances, a convenience that also introduces complex state dependencies.

On December 1, a sophisticated attacker leveraged a flash loan to manipulate the pool’s rate‑calculation routine. By feeding a crafted deposit, the exploit forced the contract to issue an effectively infinite number of yETH shares for a minimal ETH input, instantly diluting existing holdings. The attacker then withdrew the newly minted shares, converting them to ETH and routing the proceeds through Tornado Cash in 100‑ETH increments, obscuring the trail. This single‑transaction drain removed over $3 million from the Curve pool, collapsing yETH’s market price to near‑zero levels and prompting Yearn to issue a rapid statement reassuring users that its core vaults remain intact.

The incident underscores a broader security challenge for DeFi platforms that depend on mutable pricing formulas. Auditors and developers are now urged to replace dynamic, state‑dependent logic with oracle‑backed or mathematically invariant mechanisms that resist flash‑loan manipulation. Industry observers expect heightened scrutiny of liquidity‑pool contracts and a surge in formal verification efforts. As regulators increasingly focus on crypto‑mixers, the use of Tornado Cash may attract additional compliance pressure, further motivating protocols to adopt transparent, tamper‑resistant designs to safeguard investor capital.