
The $9M yETH Exploit: How 16 Wei Became Infinite Tokens

Critical
Exploit
Published: Tue Dec 02 2025 (12/02/2025, 13:42:36 UTC)
Source: Check Point Research

Description

By: Dikla Barda, Roman Zaikin, and Oded Vanunu. On November 30, 2025, Check Point Research detected a critical exploit targeting Yearn Finance’s yETH pool on Ethereum. Within hours, approximately $9 million was stolen from the protocol. The attacker achieved this by minting an astronomical number of tokens—235 septillion yETH (a 41-digit number)—while depositing only 16 […] The post The $9M yETH Exploit: How 16 Wei Became Infinite Tokens appeared first on Check Point Research.

AI-Powered Analysis

Last updated: 12/24/2025, 01:47:59 UTC

Technical Analysis

On November 30, 2025, a critical exploit targeting Yearn Finance's yETH pool on Ethereum was detected, resulting in a theft of approximately $9 million. The yETH pool is a complex DeFi protocol that manages a basket of Ethereum-based liquid staking derivatives (LSDs) through a weighted stableswap AMM. To save gas, the pool caches each asset's virtual balance in storage variables (packed_vbs[]) rather than recomputing it on every call.

The vulnerability stemmed from a missing state reset: when all liquidity was withdrawn and the LP supply counter reached zero, the cached virtual balances were not cleared, leaving residual phantom balances in packed_vbs[]. The root cause was an incomplete state cleanup in the remove_liquidity() function, where virtual balances were decremented on each withdrawal but never reset to zero once the pool was empty.

The attacker exploited this by performing multiple deposit-withdraw cycles, funded with flash loans, to poison the packed_vbs[] storage with residual values. After fully draining the pool's liquidity, the attacker made a minimal deposit of 16 wei. Because the supply was zero, this triggered the protocol's first-ever-deposit logic, which seeded the new LP supply from the stale cached virtual balances instead of from the actual deposit amount. The protocol therefore minted an astronomical number of yETH tokens (235 septillion) to the attacker, effectively granting control over the entire pool. The attacker then swapped these tokens for underlying assets, converted them to ETH, repaid the flash loans, and laundered the proceeds via Tornado Cash.

This subtle bug was exacerbated by the protocol's reliance on cached virtual balances for gas optimization and by the complexity of its multi-asset weighted pool mechanics. The exploit demonstrates the risks of implicit assumptions in state management and the need for explicit handling of every edge case in DeFi smart contracts. Prevention would have required explicit zeroing of the cached balances when the supply hits zero, multi-transaction state tracking across deposit and withdrawal sequences, and real-time detection of abnormal minting ratios. The incident underscores the importance of rigorous engineering discipline and of runtime protection tailored to protocol logic in complex DeFi ecosystems.

Potential Impact

The exploit resulted in a direct financial loss of approximately $9 million from the Yearn Finance yETH pool, undermining trust in the protocol and potentially affecting liquidity providers and users relying on yETH tokens. For European organizations engaged in DeFi investments, asset management, or providing infrastructure supporting Ethereum-based liquid staking derivatives, the exploit highlights systemic risks in complex AMM protocols with cached state optimizations. The attack could lead to significant financial losses, reputational damage, and regulatory scrutiny, especially as DeFi adoption grows in Europe. Additionally, the laundering of stolen funds through Tornado Cash raises concerns about anti-money laundering (AML) compliance and the effectiveness of existing controls. The exploit's capital efficiency and use of flash loans demonstrate how minimal upfront capital can cause disproportionate damage, increasing the threat surface for other DeFi protocols with similar design patterns. European DeFi platforms and custodians may face increased pressure to enhance security audits, implement real-time monitoring, and collaborate with law enforcement to mitigate such sophisticated attacks. The incident also stresses the need for regulators to understand the technical nuances of DeFi vulnerabilities to craft effective policies.

Mitigation Recommendations

1. Explicitly reset cached virtual balances (packed_vbs[]) to zero whenever the total supply of LP tokens reaches zero, so that no residual phantom balances survive an empty pool.
2. Implement comprehensive multi-transaction state tracking and simulation tools capable of detecting abnormal state-poisoning patterns across sequences of deposit and withdrawal operations.
3. Deploy real-time behavioral monitoring that flags and blocks transactions exhibiting anomalous minting ratios, such as LP token minting that is disproportionate to the value deposited.
4. Conduct rigorous formal verification and extensive edge-case testing focused on state transitions, especially for complex multi-asset AMM protocols with caching optimizations.
5. Limit or monitor flash loan usage within the protocol to reduce the risk of capital-efficient state manipulation attacks.
6. Enhance oracle and rate-provider security to ensure accurate exchange rates for LSDs, preventing manipulation of virtual balance calculations.
7. Encourage transparent and frequent security audits by independent experts specializing in DeFi smart contracts.
8. Integrate on-chain runtime protection that understands protocol-specific logic rather than relying solely on signature-based detection.
9. Educate users and liquidity providers about the risks of complex DeFi pools and encourage diversification to limit exposure.
10. Collaborate with blockchain analytics providers and law enforcement to trace and disrupt laundering channels such as Tornado Cash.
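To make the missing state reset from the Technical Analysis and mitigation items 1 and 3 concrete, here is an added Python model written for this page; it is not code from Check Point Research, Yearn Finance or the yETH contract. It models a single-asset pool that caches a virtual balance, seeds its LP supply from that cache on a first deposit, and can be run with or without the fix from item 1. The 1.9 exchange rate, the 7 wei deposit, the two-step withdrawal whose rounding leaves dust in the cache, and the mint_ratio_alert check (item 3) are all constructed assumptions: the block shows why a deposit into a pool with supply == 0 but a nonzero cache mints more than the deposit is worth, and does not attempt to reproduce the real contract's multi-asset arithmetic or how the attacker grew the residue to the reported figure.

```python
# Constructed model of a pool that caches a virtual balance and mints LP tokens
# on the "first deposit" from that cache. NOT the yETH contract; it reproduces
# only the bug class: the cache is not cleared when the LP supply reaches zero.
PREC = 10**18          # fixed-point scale for rates
RATE = 19 * 10**17     # assumed LSD -> ETH rate of 1.9 (constructed value)


class Pool:
    def __init__(self, reset_on_empty: bool):
        self.balance = 0                 # real token balance held (wei)
        self.vb = 0                      # cached virtual balance (stands in for packed_vbs[])
        self.supply = 0                  # LP token supply
        self.reset_on_empty = reset_on_empty

    def add_liquidity(self, amount: int) -> int:
        """Deposit `amount` wei and return the LP tokens minted."""
        old_vb = self.vb
        self.balance += amount
        self.vb += amount * RATE // PREC
        if self.supply == 0:
            # First-deposit path: the LP supply is seeded from the cached
            # virtual balance, so anything still in the cache is minted too.
            minted = self.vb
        else:
            minted = self.supply * (self.vb - old_vb) // old_vb
        self.supply += minted
        return minted

    def remove_liquidity(self, lp: int) -> int:
        """Burn `lp` LP tokens and return the wei paid out."""
        assert 0 < lp <= self.supply
        out = self.balance * lp // self.supply      # payout rounds down
        self.balance -= out
        # The decrement is derived from the rounded payout, so a partial
        # withdrawal can leave a little virtual balance behind (constructed
        # rounding; the real contract's arithmetic is not reproduced here).
        self.vb -= out * RATE // PREC
        assert self.vb >= 0                         # the EVM would revert on underflow
        self.supply -= lp
        if self.reset_on_empty and self.supply == 0:
            self.vb = 0                             # the fix: no phantom balance survives
        return out


def poison_cycles(pool: Pool, n: int, amount: int = 7) -> None:
    """Deposit, then withdraw in two steps so rounding dust stays in the cache."""
    for _ in range(n):
        lp = pool.add_liquidity(amount)
        pool.remove_liquidity(lp - 1)
        pool.remove_liquidity(1)
        assert pool.balance == 0 and pool.supply == 0   # pool is empty again


def mint_ratio_alert(minted: int, deposit_value: int, max_ratio_bps: int = 10_100) -> bool:
    """Runtime check (hypothetical): flag LP minted far above the deposit's virtual value."""
    return minted * 10_000 > deposit_value * max_ratio_bps


def simulate(reset_on_empty: bool, cycles: int, final_deposit: int = 16):
    """Return (residue left in the cache, LP minted for the final deposit, alert fired)."""
    pool = Pool(reset_on_empty)
    poison_cycles(pool, cycles)
    residue = pool.vb                       # phantom balance while supply == 0
    minted = pool.add_liquidity(final_deposit)
    value = final_deposit * RATE // PREC    # what the deposit is actually worth
    return residue, minted, mint_ratio_alert(minted, value)


if __name__ == "__main__":
    for fixed in (False, True):
        residue, minted, alert = simulate(fixed, 1000)
        print(f"reset_on_empty={fixed}: residue={residue} minted={minted} alert={alert}")
```

With 1000 poisoning cycles the unpatched pool mints 1030 LP for a 16 wei deposit worth 30 virtual units, while the patched pool mints 30, and the ratio check fires only on the former. The point of the two-step withdrawal is that each call rounds the payout down, so the cached virtual balance never returns to exactly zero unless the code zeroes it explicitly when the supply does; a real pool that derives its first-deposit mint from that cache inherits whatever is left there.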


Technical Details

Article Source
URL: https://research.checkpoint.com/2025/16-wei/ (fetched 2025-12-02T13:43:16Z; 1459 words)

Threat ID: 692eecf55ae7112264d1dd7a

Added to database: 12/2/2025, 1:43:17 PM

Last enriched: 12/24/2025, 1:47:59 AM

Last updated: 1/17/2026, 8:18:04 AM


