Yearn Finance details $9 million yETH vulnerability attack, confirms partial asset recovery, and announces remediation plan.


TL;DR

Yearn Finance disclosed a $9 million yETH attack due to a numerical error, recovered about a quarter of assets, and plans to distribute funds to depositors while implementing security fixes.

Mars Finance reports that Yearn Finance has released a detailed post-incident report on last week's yETH vulnerability attack, revealing a three-phase numerical error in its legacy stableswap liquidity pool. This error allowed attackers to "mint" LP tokens indefinitely, stealing approximately $9 million from the liquidity pool.

Yearn confirmed that, with the assistance of the Plume and Dinero teams, it successfully recovered 857.49 pxETH, approximately one-quarter of the stolen assets. The team plans to distribute the recovered funds pro rata to yETH depositors.

The decentralized finance protocol stated that the vulnerability was exploited at block 23,914,086 on November 30, 2025. The attackers used a complex sequence of operations to force the liquidity pool's internal resolver into a divergent state, ultimately triggering an arithmetic underflow. The attack targeted a custom stableswap pool aggregating multiple liquid staking tokens (LSTs) and a yETH/WETH Curve pool. Yearn emphasized that its v2 and v3 vaults and other products were unaffected.

To address these issues, Yearn released a remediation plan that includes implementing explicit domain checks on the resolver, replacing unsafe arithmetic in critical sections with checked arithmetic, and disabling bootstrapping logic after the pool comes online.
