Yearn Finance Secures $2.4M Recovery After yETH Exploit

Quick Breakdown

  • Yearn Finance has recovered $2.4 million from the $9 million yETH exploit reported on November 30.
  • The recovery came after tracing 857.49 pxETH tied to the attacker and coordinating with Plume and Dinero.
  • Affected users will be refunded as Yearn continues broader asset-recovery efforts and prepares a full post-mortem.

Partial rebound after November attack

Yearn Finance has taken a major step toward mitigating the damage from its late-November yETH exploit, announcing the recovery of $2.4 million out of the $9 million drained from the protocol. The update came on December 1, with the team confirming that 857.49 pxETH linked to the attacker had been successfully traced and retrieved. All recovered funds will be returned to impacted users.

What went wrong: the legacy yETH pool flaw

The exploit occurred on November 30 at 21:11 UTC, targeting Yearn’s legacy yETH stableswap pool, a contract built with custom code rather than Curve’s standard implementation.

A subtle but critical arithmetic oversight allowed the attacker to mint an outsized amount of yETH in a single transaction, enabling them to drain approximately $8 million from the stableswap pool and another $900,000 from the yETH-WETH pool on Curve.

Yearn stressed that its widely used V2 and V3 vaults, which collectively secure over $600 million, were untouched. Security teams from Yearn, SEAL 911, and ChainSecurity moved into a war-room response immediately after the breach, with a comprehensive post-mortem currently underway.

How the recovery happened

While parts of the stolen ETH were quickly funnelled through Tornado Cash, reducing the odds of a full recovery, several liquid staking tokens tied to the exploiter remained traceable.

The pxETH recovered in this update had not been mixed or converted, allowing Yearn, in partnership with Plume and Dinero, to neutralize the exploiter’s positions and redirect the value back to the protocol.

The approach enables affected users to be compensated without waiting for lengthy legal or enforcement processes. Yearn added that recovery efforts are ongoing and that additional assets may be reclaimed if on-chain activity permits.

Community response and what’s next

Users impacted by the exploit have been advised to reach out through Yearn’s Discord for support as the investigation continues. The protocol also reiterated that no other Yearn products share the compromised code path and that all older contracts are undergoing renewed security reviews.

 
