Yearn Finance's legacy pool vulnerability, $9 million loss, partial recovery underway
Yearn Finance has recently disclosed a critical security flaw in its legacy stable swap liquidity pool. The core issue was a numerical error that allowed attackers to generate unlimited LP tokens.
Scope and Mechanism of the Attack
The hack resulted in the theft of approximately $9 million worth of assets. The attack occurred on November 30, 2025. Malicious actors exploited the bug to issue unlimited liquidity provider (LP) tokens, thereby siphoning assets from the pool.
Yearn Finance’s Immediate Response
The project team responded swiftly and successfully recovered 857.49 pxETH. The recovered assets will be returned to the liquidity providers affected by this incident. Yearn Finance emphasized that this process is a crucial step in restoring user trust.
Ensuring Safety of Other Pools
Importantly, this vulnerability did not affect v2 and v3 vaults. Yearn Finance clearly stated that the security of its core vault systems currently in operation remains intact.
Future Security Enhancement Plans
To prevent recurrence, Yearn Finance has decided to implement a domain verification mechanism. This is expected to help detect and prevent similar vulnerabilities caused by numerical errors in the future.