Yearn Finance details $9 million yETH vulnerability attack, confirms partial asset recovery, and announces remediation plan.

Odaily Planet Daily reports that Yearn Finance has released a detailed post-incident report on last week's yETH vulnerability attack, pointing out a three-phase numerical error in its legacy stableswap liquidity pool. This error allowed attackers to "mint" LP tokens indefinitely and steal approximately $9 million in assets from the liquidity pool.

Yearn has confirmed that, with the assistance of the Plume and Dinero teams, they have successfully recovered 857.49 pxETH, approximately one-quarter of the stolen assets. The team plans to distribute the recovered funds proportionally to yETH depositors.

The decentralized finance protocol stated that the vulnerability occurred in block 23,914,086 on November 30, 2025. The attacker, through a complex sequence of operations, forced the internal resolver of the liquidity pool into a divergent state, ultimately triggering an arithmetic underflow. The attack targeted a custom stableswap pool aggregating multiple liquidity staking tokens (LSTs), as well as a yETH/WETH Curve pool. Yearn emphasized that its v2 and v3 vaults and other products were unaffected.

To address these issues, Yearn released a fix plan that includes implementing explicit domain checks on the resolver, replacing unsafe arithmetic in critical sections with checked arithmetic, and disabling bootstrapping logic after the pool comes online.