Thursday, December 4, 2025
Cloud Security

Yearn Finance yETH Pool Hit by $9M Exploit

by CybrGPT
0 comment

A significant vulnerability in Yearn Finance’s yETH pool on Ethereum has enabled an attacker to drain about $9m in assets.

According to new findings released by Check Point Research (CPR), the flaw in the pool’s internal accounting allowed the perpetrator to mint 235 septillion yETH tokens after depositing only 16 wei, worth roughly $0.000000000000000045 at the time of the attack.

A Complex Exploit

The cybersecurity researchers said a critical oversight in the pool’s cached storage system created the opening.

The yETH pool uses stored virtual balances, known as packed_vbs[], to reduce gas costs during operation.

When all liquidity was removed from the pool, the main supply counter reset to zero, but the cached values did not. This desynchronization led the protocol to believe the pool was empty even though leftover phantom balances remained in storage.

The attacker took advantage of this by repeatedly cycling deposit and withdrawal transactions through flash loans. Each pass left behind small residual virtual balances that accumulated over time.

After completely emptying the pool, the attacker deposited tiny amounts across eight supported tokens. The protocol interpreted the action as a first-time deposit and minted tokens based on the inflated cached values instead of the negligible input.

Read more on Ethereum-related attacks: DeFi Protocol Balancer Loses Over $120m in Cyber Heist

How the Breach Unfolded

The intrusion progressed in six distinct phases:

  • Borrowing assets through flash loans

  • Polluting stored virtual balances with repeated deposit-withdrawal cycles

  • Burning all LP tokens to drop the supply to zero

  • Depositing 16 wei across the pool to trigger the flawed “first deposit” logic

  • Swapping the newly minted yETH for underlying assets

  • Converting proceeds to ETH, repaying loans and laundering funds

The attacker ultimately exchanged the stolen LSD assets, including wstETH, rETH and cbETH, into ETH through various DEXs before routing a portion through Tornado Cash.

CPR noted that the incident underscores the risk created by complex AMM mechanics and gas-saving optimizations.

“For defenders, this exploit reinforces that correctness in complex systems requires explicit handling of ALL state transitions, not just the happy path,” they said.

The company added that the breach could have been prevented with transaction simulation, sequence-level monitoring and automated blocking of abnormal minting behavior.

Source link

You Might Be Interested In

You may also like

Elevating SaaS Security with NIST CSF and Agentic AI

Walmart Jewelry Partner Exposes Millions in Latest Cloud Storage Misconfig

Cloud Data Remains Your Responsibility

Understand the Inherent Risk in Browser Extensions

Google Adds to its Cloud Security Offering

Windows 10 “Almost Twice as Safe as Windows 7”

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

Stay informed with the latest cybersecurity news. Explore updates on malware, ransomware, data breaches, and online threats. Your trusted source for digital safety and cyber defense insights.

Facebook Twitter Instagram
Weather Data Source: 30 tage wettervorhersage

Subscribe my Newsletter for new blog posts, tips & new photos. Let’s stay updated!

©2025 cybrgpt.com – All rights reserved.

@2025 - All Right Reserved.
View Cart Checkout Continue Shopping
Close