Yearn has recovered $2.4 million from its recent $9 million yETH exploit after coordinating with DeFi partners, following a minting bug that let an attacker inflate token supply.
Posted December 2, 2025 at 7:57 am EST.
Yearn Finance has recovered $2.4 million in stolen crypto following an exploit caused by an “unchecked arithmetic” bug in its custom yETH contract.
In an update shared to X, the Yearn team said that 857.49 pxETH was recovered through a coordinated recovery effort with DeFi platforms Plume and Dinero.
This story is an excerpt from the Unchained Daily newsletter.
Subscribe here to get these updates in your email for free
Thank you for subscribing
‘;
}
// Check if event.data indicates form submission
}
});
]]>
The bug allowed the attacker to mint an astronomically large number of tokens, creating a near-infinite supply to drain liquidity. Yearn estimated the total loss from the exploit sits at $9 million.
The stolen assets included 1,000 ETH and liquid staking tokens laundered partially through Tornado Cash.
According to Blockscout, the attack exploited a critical arithmetic flaw in the yETH token contract that enabled manipulation of token supply through unchecked calculations.
Self-destructing “helper contracts” automated the exploit, allowing malicious minting and withdrawal sequences before deleting themselves to obscure traces.
Powered by WPeMatico
