Yearn Finance Recovers $2.4 Million After Latest Exploit, Estimated Losses Near $9 Million

• Yearn Finance recovers $2.4 million after $9 million exploit.
• Complex attack drains assets from Yearn’s yETH pools, vulnerabilities found.
• Recovery efforts ongoing, security firms assist with asset retrieval process.

Yearn Finance has managed to recover approximately $2.4 million of stolen assets following a significant exploit targeting its legacy protocol. This breach, which occurred over the weekend, led to total losses reaching an estimated $9 million. The team is actively working to recover further assets, with a coordinated recovery mission underway.

Also Read: Cryptocurrency Market Sees Bitcoin Rise, Ethereum, XRP, BNB, DOGE Decline in 24 Hours

Exploit Details and Technical Breakdown

On Sunday, a vulnerability within the protocol was exploited, allowing an attacker to drain funds from Yearn’s Ether (yETH) stableswap pool and a smaller yETH-WETH pool on Curve Finance. This attack is the third such event since 2021 and bears striking similarities to the recent Balancer exploit in terms of its complexity. The vulnerability stemmed from an “unchecked arithmetic” bug and other design flaws in the code, allowing the attacker to mint an astronomical number of yETH tokens approximately 2.3544×10^56 thereby draining liquidity from the pools.

The post-mortem analysis revealed that the attacker used this huge mint to perform a series of withdrawals, transferring real assets to their own wallet, while the minted yETH tokens held no intrinsic value. These exploitations were followed by the use of self-destructing helper contracts, which are auxiliary smart contracts often abused in flash loan attacks. These contracts were deployed to manipulate the vulnerable yETH function and execute the attack before self-destructing and removing their bytecode from the blockchain.

Yearn Finance reassured its users that the exploit does not affect its V2 or V3 vaults. The team is committed to returning any recovered assets to the affected depositors. The attack itself was highly targeted, and measures are in place to prevent similar occurrences in the future.

Recovery Efforts and Collaboration with Security Firms

In collaboration with crypto security firms SEAL 911 and ChainSecurity, Yearn Finance, alongside Plume network, has successfully recovered 857.49 pxETH, with more recovery efforts ongoing. The stolen funds, including at least 1,000 ETH, were moved through the Tornado Cash anonymizer, making the investigation and recovery process even more challenging.

Despite the magnitude of the attack, Yearn has stressed that there are no other products currently using the same vulnerable code. As the recovery process continues, the team remains focused on mitigating the impact on affected users and restoring their funds as quickly as possible.

Also Read: Egrag Crypto: XRP Monthly Chart Is Flashing Something Big, Here’s What’s Next

The post Yearn Finance Recovers $2.4 Million After Latest Exploit, Estimated Losses Near $9 Million appeared first on 36Crypto.