Yearn Finance Secures $2.4M Recovery After yETH Exploit

Source: DefiPlanet Original Title: Yearn Finance Secures $2.4M Recovery After yETH Exploit Original Link: https://defi-planet.com/2025/12/yearn-finance-secures-2-4m-recovery-after-yeth-exploit/

Partial Rebound After November Attack

Yearn Finance has taken a major step toward mitigating the damage from its late-November yETH exploit, announcing the recovery of $2.4 million out of the $9 million drained from the protocol. The update came on December 1, with the team confirming that 857.49 pxETH linked to the attacker had been successfully traced and retrieved. All recovered funds will be returned to impacted users.

yETH update: With the assistance of the Plume and Dinero teams, a coordinated recovery of 857.49 pxETH ($2.39m) was performed. Recovery efforts remain active and ongoing. Any assets successfully recovered will be returned to affected depositors.

What Went Wrong: The Legacy yETH Pool Flaw

The exploit occurred on November 30 at 21:11 UTC, targeting Yearn’s legacy yETH stableswap pool, a contract built with custom code rather than standard implementations.

A subtle but critical arithmetic oversight allowed the attacker to mint an outsized amount of yETH in a single transaction, enabling them to drain approximately $8 million from the stableswap pool and another $900,000 from the yETH-WETH pool.

Yearn stressed that its widely used V2 and V3 vaults, which collectively secure over $600 million, were untouched. Security teams from Yearn, SEAL 911, and ChainSecurity moved into a war-room response immediately after the breach, with a comprehensive post-mortem currently underway.

How the Recovery Happened

While parts of the stolen ETH were quickly funnelled through privacy mixers, reducing the odds of a full recovery, several liquid staking tokens tied to the exploiter remained traceable.

The pxETH recovered in this update had not been mixed or converted, allowing Yearn, in partnership with Plume and Dinero, to neutralize the exploiter’s positions and redirect the value back to the protocol.

The approach enables affected users to be compensated without waiting for lengthy legal or enforcement processes. Yearn added that recovery efforts are ongoing and that additional assets may be reclaimed if on-chain activity permits.

Community Response and What’s Next

Users impacted by the exploit have been advised to reach out through Yearn’s Discord for support as the investigation continues. The protocol also reiterated that no other Yearn products share the compromised code path and that all older contracts are undergoing renewed security reviews.