YFI -11.48% in 1 Month Amid Major Security Breach

Generated by AI AgentCryptoPulse AlertReviewed byTianhao Xu
Tuesday, Dec 2, 2025 3:40 am ET2min read
Aime RobotAime Summary

- Yearn Finance's YFI token dropped 5.22% in 24 hours, with 11.48% monthly losses following a $8.9M yETH stableswap pool exploit.

- Attack exploited a code vulnerability to mint yETH, draining funds from two pools, though V2/V3 vaults remained unaffected.

- $2.39M recovered via Plume/Dinero collaboration, but incident highlights DeFi's ongoing legacy contract risks and investor uncertainty.

On DEC 2 2025,

Yearn
Finance’s
YFI
token has recorded a 5.22% drop in the last 24 hours, extending its decline with an 11.12% loss in the past week and a 11.48% drop in the last month. The token has also lost over half its value compared to one year ago, with a 54.2% decline recorded. These movements follow a significant security incident involving the yETH stableswap pool that shook the DeFi sector.

Exploit Details and Immediate Response

Yearn Finance confirmed on November 30 that a critical vulnerability in its legacy yETH stableswap pool had been exploited, resulting in the loss of $8.9 million across two pools. The attack exploited a subtle arithmetic flaw in the custom code underpinning the pool, which allowed a malicious actor to mint a large volume of yETH in a single transaction and drain funds.

Approximately $8 million was extracted from the yETH stableswap pool and an additional $900,000 from the yETH–WETH pool on Curve. The incident marked one of the most notable security breaches in recent DeFi history, raising concerns over the risks associated with legacy smart contracts.

Recovery Efforts Underway

Following the incident,

Yearn Finance
, along with security partners SEAL 911 and ChainSecurity, launched an immediate response to contain the damage. On December 1, the team announced the successful recovery of $2.39 million, achieved in collaboration with Plume and Dinero. The recovered funds include 857.49 pxETH and will be returned to affected depositors as the recovery process continues.

The protocol confirmed that its V2 and V3 vaults—holding over $600 million in assets—were unaffected by the exploit and remain operational on separate code paths. Yearn Finance is now conducting a thorough post-mortem in partnership with its audit firms and has urged impacted users to seek assistance via the Yearn Discord channel.

Broader DeFi Security Concerns

The yETH exploit adds to a series of high-profile security incidents across the DeFi space in recent weeks. In late November, both Prisma Finance and Raft Finance suffered losses due to compromised keys and contract vulnerabilities. Earlier in the year, Curve Finance itself experienced a major exploit tied to a Vyper compiler bug, underscoring the ongoing challenges with legacy smart contract infrastructure.

The Yearn team has emphasized that they are proactively reviewing older contracts to mitigate future risks and improve overall security. Analysts have noted that such incidents continue to

test
investor confidence in DeFi protocols, with YFI’s sharp decline reflecting broader uncertainty.

YFI’s Market Reaction

YFI’s price reaction was swift and severe, with the token falling approximately 10% in the wake of the exploit announcement. While the initial drop raised concerns about protocol stability, the partial recovery of funds has offered some reassurance to the community. At the time of reporting, YFI was trading at $3,686, according to market data.

The incident underscores the importance of robust security frameworks in the DeFi ecosystem. As Yearn Finance works to restore user trust and stabilize its operations, the broader market will be watching closely for further developments and the long-term impact on YFI’s valuation.

Comments



Add a public comment...
No comments

No comments yet