Yearn Finance reveals arithmetic bug leading to "infinite mint" of yETH worth $9 million

The DeFi protocol Yearn Finance has released a post-mortem report on last week’s yETH attack, highlighting that an arithmetic bug in the old stableswap pool allowed the attacker to “mint nearly unlimited” LP tokens and withdraw approximately $9 million in assets. Yearn also confirmed that part of the stolen funds has been recovered.

Incident and Attack Mechanism

According to Yearn, the yETH weighted stableswap pool was exploited at block 23,914,086 on November 30, 2025, after a series of complex operations caused the pool’s solver to enter an incorrect state, ultimately leading to an arithmetic underflow error.

Vaults v2, v3, and other products were not affected; the losses were limited to yETH and related integrations.

The exploited pool was a custom stableswap aggregating multiple liquid staking tokens (LSTs) such as apxETH, sfrxETH, wstETH, cbETH, rETH, ETHx, mETH, wOETH, along with the yETH/WETH pool. Before the incident, these pools held a basket of LSTs and 298.35 WETH.

Three Attack Phases and the “Infinite Mint” Path

The post-mortem divides the attack into three phases:

  1. Severe Imbalance in add_liquidity

    The attacker deposited highly imbalanced liquidity, pushing the pool’s fixed solver into an operational range outside of its intended design. This caused an internal variable, Π, to collapse to 0, breaking the invariant of the weighted stableswap and allowing massive over-minting of LP tokens.

  2. Draining Assets with remove_liquidity

    With the over-minted LP, the attacker repeatedly called remove_liquidity and related functions to withdraw most of the LST liquidity, shifting the incorrect minting cost to protocol-owned liquidity (POL). This process reduced the pool’s internal supply to 0, even though the ERC-20 balance remained.

  3. Re-triggering the “Bootstrap” Path and Infinite Mint

    The attacker returned to the pool initialization route, originally meant for the initial deployment. By submitting a “dust” configuration that violated domain constraints, they triggered an unsafe_sub operation causing an underflow, resulting in “quasi-infinite” yETH LP tokens, which were then used to drain the yETH/ETH pool on Curve.

Asset Recovery and Handling

Yearn reported recovering 857.49 pxETH in cooperation with Plume and Dinero; the recovery transaction was executed on December 1. These funds will be distributed proportionally to yETH depositors based on their balances before the exploit.

About 1,000 ETH of the stolen funds was sent to Tornado Cash on the night of the incident, with the remainder transferred through Tornado on December 5. The Block previously reported that around $3 million in ETH was sent to the mixer immediately after the attack.

Yearn emphasized that yETH operates under a self-managed model via YIP-72, with a “Use at Own Risk” clause, and confirmed that the Yearn team and YFI community bear no responsibility for compensation. All recovered assets will be returned to affected users.

Remediation Plan

To prevent recurrence, Yearn proposed the following measures:

  • Add explicit domain checks for the solver; treat Π = 0 as a critical error.
  • Replace all unsafe math operations with checked math in critical sections.
  • Disable or restrict bootstrap logic once the pool is active.
  • Hard cap the amount of LP issued relative to actual deposit value.
  • Expand testing coverage with invariant fuzzing, adversarial math tests, and off-chain model cross-checks.
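
The first four measures can be seen side by side in a small model. This is an added illustration, not Yearn's contract code: the LP formula (a solver estimate minus a correction term), the function and parameter names, and the 1% cap are assumptions made for the example, and the inputs are constructed.

```python
UINT256 = 2**256

class Revert(Exception):
    """Models an EVM revert."""

def unsafe_sub(a: int, b: int) -> int:
    # Wrapping subtraction: Vyper's unsafe_sub skips the underflow check.
    return (a - b) % UINT256

def checked_sub(a: int, b: int) -> int:
    # Checked subtraction: reverts instead of wrapping.
    if b > a:
        raise Revert("underflow")
    return a - b

def mint_unguarded(estimate: int, correction: int) -> int:
    # Hypothetical LP formula with no guards and wrapping math.
    return unsafe_sub(estimate, correction)

def mint_guarded(estimate: int, correction: int, *, pi: int,
                 deposit_value: int, supply: int, ever_active: bool,
                 cap_bps: int = 10_100) -> int:
    if pi == 0:                        # explicit solver domain check
        raise Revert("pi == 0")
    if supply == 0 and ever_active:    # bootstrap only before first activation
        raise Revert("bootstrap disabled")
    minted = checked_sub(estimate, correction)      # checked math
    if minted * 10_000 > deposit_value * cap_bps:   # LP cap vs deposit value
        raise Revert("mint exceeds cap")
    return minted

def outcome(fn, *args, **kwargs):
    """Return the minted amount, or the revert reason as a string."""
    try:
        return fn(*args, **kwargs)
    except Revert as exc:
        return f"revert: {exc}"

if __name__ == "__main__":
    # Constructed dust-sized inputs where the correction exceeds the estimate.
    print(outcome(mint_unguarded, 16, 17))
    print(outcome(mint_guarded, 16, 17, pi=1, deposit_value=16,
                  supply=0, ever_active=False))
    print(outcome(mint_guarded, 16, 17, pi=1, deposit_value=16,
                  supply=0, ever_active=True))
```

Each guard fails closed on its own, so a state that slips past one check (for example a non-zero Π with a drained supply) is still stopped by the next.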

Yearn acknowledged ChainSecurity for root cause analysis support and SEAL 911 for incident response and asset recovery assistance. Investigation and monitoring of the attacker’s fund flows are ongoing.

Vuong Tien
