Attackers made a profit of approximately $3 million after draining the entire liquidity pool in a single transaction.

The Decentralized Finance (DeFi) platform Yearn Finance has confirmed a major security breach affecting its yETH product. On Monday, an attacker exploited a vulnerability that allowed for the unlimited minting of tokens, completely draining the yETH liquidity pool. The project assured users that its core V2 and V3 Vaults were not affected by the incident.

Blockchain analysis reveals the attacker generated a massive number of yETH tokens, which were then used to drain millions from Balancer pools. The perpetrator secured a profit of roughly 1,000 ETH, valued at $3 million, and funneled the funds through the Tornado Cash mixing service to obscure their trail.

The yETH token is an index composed of several different liquid staking derivatives (LSTs) of Ethereum. The attack reportedly involved newly deployed smart contracts that self-destructed immediately after the transaction was completed. Before the exploit, the yETH pool held a total value of approximately $11 million.

DeFi Security Remains a Persistent Challenge

This event has once again raised concerns within the crypto community about the security of complex DeFi protocols. It’s not the first time Yearn Finance has faced security issues. In 2021, the platform’s yDAI vault was hacked for $11 million, with the attacker making off with $2.8 million. More recently, in December 2023, a faulty script wiped out 63% of a treasury position.

The yETH incident contributes to a troubling trend of exploits across the industry. According to a report from blockchain security firm CertiK, the crypto sector lost an estimated $127 million to hacks and scams in November alone. The report noted that while over $172 million was initially stolen, about $45 million was later recovered.

The largest single exploit in November was a sophisticated attack on the Balancer DeFi protocol, which resulted in losses exceeding $116 million across multiple blockchains. These repeated high-value thefts underscore the ongoing risks associated with the rapidly evolving DeFi landscape.