
16 Wei to $9 Million: Inside the Yearn Finance yETH Pool Exploit of November 2025

On November 30, 2025, the decentralized finance ecosystem witnessed one of the most capital-efficient exploits in its history. An attacker deposited just 16 wei — an amount worth approximately $0.000000000000000045 — into a Yearn Finance yETH pool contract and walked away with approximately $9 million in stolen Ethereum-based assets. The incident, detected by Check Point Research within hours of execution, exposed a critical state management flaw in legacy smart contract code that had been operating on the network for years without detection.

At the time of the exploit, Bitcoin traded near $90,394 and Ethereum hovered around $2,992, according to CoinMarketCap data. The broader cryptocurrency market carried a total capitalization exceeding $2.5 trillion, making the $9 million Yearn theft a relatively contained event in absolute terms — but one with outsized implications for how DeFi protocols manage internal accounting.

The Exploit Mechanics

The attack exploited a cached storage vulnerability in Yearn Finance’s yETH pool, a weighted stableswap automated market maker that holds multiple liquid staking derivatives including wstETH, rETH, cbETH, and others. The pool uses a sophisticated mathematical invariant accounting for weighted ratios, exchange rates, and virtual balances — with a gas optimization that stores calculated values in state variables called packed_vbs[] rather than recalculating them on every operation.

The vulnerability emerged from an incomplete state cleanup. When all liquidity was withdrawn and the pool supply reached zero, the main supply counter correctly reset — but the packed_vbs[] cached values were never explicitly cleared. Due to rounding during withdrawal calculations, tiny residual amounts persisted in these storage slots.

The attacker executed a meticulously planned six-phase operation. First, they borrowed assets via flash loans from Balancer and Aave, obtaining wstETH, rETH, WETH, ETHx, and cbETH without any upfront capital. Second, they performed over ten deposit-and-withdrawal cycles, deliberately leaving small residual values in the packed_vbs[] storage with each iteration — a process security researchers termed “state poisoning.” Third, they burned all remaining LP tokens, setting the supply to zero while the cached values remained populated with accumulated phantom balances. Fourth, they deposited just 16 wei across eight tokens. The protocol detected zero supply and triggered its “first-ever deposit” logic, reading the stale cached values instead of calculating from the actual deposit. This resulted in the minting of 235 septillion yETH tokens — a 41-digit number. Fifth, the attacker swapped the artificially minted tokens for WETH on Balancer pools and withdrew underlying assets. Sixth, they converted stolen assets to ETH via Uniswap V3, repaid flash loans, and laundered approximately 1,000 ETH worth $3 million through Tornado Cash.

Affected Systems

The exploit targeted exclusively the legacy yETH pool contract. Yearn V2 and V3 vaults remained completely unaffected, as the vulnerability existed only in older infrastructure that had accumulated technical debt over years of protocol evolution. The stolen assets included sfrxETH, wstETH, ETHx, cbETH, rETH, apxETH, wOETH, and mETH — a broad basket of liquid staking derivatives that the yETH pool was designed to manage.

Connected Balancer pools experienced secondary effects as the attacker swapped massive amounts of yETH for WETH, temporarily impacting price feeds. However, these effects were transient and self-correcting once the exploit completed and liquidity normalized.

The Mitigation Strategy

Yearn Finance’s response began within hours of the exploit. The team identified the affected contract and confirmed that V2 and V3 vaults were secure. Recovery efforts secured approximately $2.39 million — roughly 26% of total losses — through intercepted funds that had not yet been mixed through Tornado Cash. The protocol also outlined a remediation plan for affected users.

From a technical standpoint, the fix requires explicit state resets when pool supply reaches zero. The developers had correctly handled normal operations — adding liquidity, removing liquidity, and swapping all properly updated virtual balances — but missed the edge case where removing all liquidity should force a complete reset of cached storage values to zero. The implicit assumption that zero supply meant a “first-ever deposit” to a pristine pool proved fatally wrong after a full withdrawal cycle.
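The stale-cache condition and the reset described above can be reproduced in a small model. This is an added example, not Yearn's contract code or its pool math: the ToyPool class, the rates, the deposit sizes and the 1:1 minting rule are all constructed for illustration, with cached_vbs standing in for packed_vbs[].

```python
# Toy model, constructed for illustration; not Yearn's contract or its pool math.
RATE_ONE = 100  # toy fixed-point scale for exchange rates

class ToyPool:
    def __init__(self, rates, reset_on_empty):
        self.rates = rates                    # per-asset rate, scaled by RATE_ONE
        self.reset_on_empty = reset_on_empty  # True = hardened variant
        self.supply = 0                       # LP token supply
        self.balances = [0] * len(rates)      # real tokens held
        self.cached_vbs = [0] * len(rates)    # stands in for packed_vbs[]

    def _vb(self, i, amount):
        return amount * self.rates[i] // RATE_ONE  # rounds down

    def deposit(self, amounts):
        value = 0
        for i, amt in enumerate(amounts):
            self.balances[i] += amt
            self.cached_vbs[i] += self._vb(i, amt)
            value += self._vb(i, amt)
        # Zero supply is treated as a pristine pool: the mint is read from the
        # cache on the assumption that it describes only this deposit.
        minted = sum(self.cached_vbs) if self.supply == 0 else value
        self.supply += minted
        return minted, value

    def withdraw(self, lp):
        for i in range(len(self.rates)):
            out = self.balances[i] * lp // self.supply
            self.balances[i] -= out
            self.cached_vbs[i] -= self._vb(i, out)  # rounding leaves a residue
        self.supply -= lp
        if self.supply == 0 and self.reset_on_empty:
            self.cached_vbs = [0] * len(self.rates)  # explicit state reset

    def empty_state_is_clean(self):
        """Invariant for tests and fuzzing: no supply implies no cached balances."""
        return self.supply != 0 or not any(self.cached_vbs)

def first_deposit_after_cycles(reset_on_empty, cycles=10):
    pool = ToyPool([115, 100], reset_on_empty)
    for _ in range(cycles):
        minted, _ = pool.deposit([10, 10])
        pool.withdraw(minted // 2)   # partial exit
        pool.withdraw(pool.supply)   # exit the rest; supply is now zero
    clean = pool.empty_state_is_clean()
    minted, value = pool.deposit([1, 1])
    return clean, minted, value
```

With these constructed inputs, first_deposit_after_cycles(False) returns (False, 12, 2): the empty pool still carries cached balances, and a deposit worth 2 units mints 12 LP tokens. With the reset enabled it returns (True, 2, 2), and empty_state_is_clean() is the assertion a regression or fuzz test would check after every full withdrawal.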

Lessons Learned

The yETH exploit carries several critical lessons for the DeFi ecosystem. First, gas optimization patterns that cache state variables introduce latent attack surfaces that may remain invisible for years. The packed_vbs[] optimization was a reasonable engineering decision — recalculation is expensive — but it created a state inconsistency that no audit caught. Second, edge cases around zero-supply states deserve the same scrutiny as core functionality. Third, legacy code accumulates technical debt that can become a time bomb, as demonstrated by the contrast between the unaffected V2/V3 vaults and the vulnerable legacy contract.

The exploit also highlighted the continued threat of flash loan-enabled attacks. The attacker required zero upfront capital, borrowing everything needed to execute the exploit and repaying it within the same transaction. This capital efficiency makes such attacks accessible to any sophisticated operator with the technical skill to identify state management flaws.

User Action Required

Users who held funds in the yETH pool should monitor Yearn Finance’s official recovery channels for distribution details. The protocol has confirmed that V2 and V3 vault users face no risk and require no action. For broader DeFi participants, this incident serves as a reminder to evaluate the age and audit status of the contracts holding their funds — newer code with bidirectional rounding and explicit state management, as seen in Balancer V3’s approach, offers stronger guarantees than legacy contracts that predate modern security practices. With November 2025 recording nearly $172 million in total crypto losses across multiple exploits, the imperative for rigorous smart contract security has never been clearer.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any DeFi protocol.


11 thoughts on “16 Wei to $9 Million: Inside the Yearn Finance yETH Pool Exploit of November 2025”

  1. Looking back at this six months later, it still feels surreal. That 16 wei discrepancy is going to be taught in security bootcamps for years. Yearn’s yETH exploit really marked a turning point for how we view smart contract risk in the ETH ecosystem.

    1. state_cleanup_

      defi_diver is right. this will be taught in security bootcamps. the six-phase attack from flash loan to exit was meticulously planned. stale memory is the silent killer in smart contracts

      1. state_cleanup nailed it. the six phase attack from flash loan to exit was surgical. this wasn't a random exploit, it was planned for weeks

        1. audit_burner the six phase execution was surgical. whoever wrote that exploit probably spent weeks mapping every cached value in the contract. this wasn't some random script kiddie

  2. Sarah Kensington

    I remember the chaos when this happened last year. Glad to see a deep dive into the actual mechanics of the yETH pool drain. It’s scary how a ‘safe’ vault can be wiped out by such a tiny edge case, but this level of analysis is what the community needs to prevent a repeat.

    1. sarah kensington remembers the chaos. 16 wei worth fractions of a cent draining 9M because of stale packed_vbs values that were never cleared on full withdrawal

      1. 16 wei creating $9M in damage. the gas optimization that stored packed_vbs instead of recalculating was the root cause. optimization is the enemy of security sometimes

  3. the packed_vbs cache was never invalidated on full withdrawals. classic stale state bug that only triggers on edge cases. regular testing would never catch this

    1. audit_fox_ classic gas optimization tradeoff. storing packed_vbs saved gas on every operation but the edge case of full withdrawal was never tested. every sstore optimization has a potential exploit hiding in it

    2. audit_fox_ nailed it. edge case testing is where 90% of these exploits hide. fuzzing should have caught the stale packed_vbs

  4. check point research detected it within hours but the funds were already moving through tornado. response time means nothing without pre-transaction monitoring
