On November 30, the Yearn Finance protocol was targeted by unknown attackers, resulting in a significant loss of approximately $9 million, as reported by blockchain security firm PeckShield.
The Yearn team confirmed that the breach was due to a vulnerability in the code of their Yearn Ether (yETH) product.
Preliminary assessments indicate that the losses included about $8 million from the affected stableswap pool and another $0.9 million from the yETH-WETH stable swap pool on Curve. The project’s team suggested that the complexity of this hack mirrors a recent exploit involving Balancer.
In the aftermath, the Yearn token (YFI) experienced a decline of 5.5%, trading around $3,900, with a market capitalization of approximately $132.6 million. The total value locked (TVL) in the protocol dropped from $432 million to $410 million in just one day, contrasting sharply with its peak of $6.7 billion in November 2021.
“The initial analysis indicates that the complexity of this hack is comparable to the recent exploit involving Balancer. We ask for your patience as we continue our investigation. It’s important to note that no other Yearn product utilizes code similar to the affected one,” the project team stated.
This incident marks another breach for Yearn Finance. In 2021, a previous attack led to the extraction of $2.8 million from the v1 yDAI pool, prompting the project to compensate affected users. Additionally, in December 2023, a multisig transaction error resulted in a loss of $1.4 million during a routine token fee conversion.
In November 2025, an on-chain researcher uncovered a previously unreported hack of the market maker DWF Labs, resulting in a loss of $44 million.
Source: Forklog
