The decentralized finance sector witnessed a devastating breach targeting Yearn Finance’s yETH pool, resulting in the theft of approximately $9 million on November 30, 2025.
The attacker executed a highly sophisticated exploit, minting an astronomical 235 septillion yETH tokens while depositing a mere 16 wei — an amount worth less than a fraction of a cent.
This incident highlights the fragility of complex mathematical invariants in smart contracts, where gas optimization strategies can inadvertently introduce catastrophic security flaws.
The core vulnerability lay within the protocol’s internal accounting mechanism, specifically its use of cached storage variables known as packed_vbs.
Designed to reduce transaction costs by storing virtual balance information, these variables failed to reset correctly when the pool’s liquidity supply dropped to zero.
While the main supply counter reset, the cached values retained phantom balances from previous transactions, creating a critical discrepancy between the actual and recorded state of the pool.
Check Point security analysts noted the malware’s behavior and identified that this was not a simple code error but a logic flaw in state management.
By manipulating the interaction between deposit and withdrawal functions, the attacker tricked the system into believing the pool held vast value when it was effectively empty.
The exploit represents one of the most capital-efficient attacks in history, requiring negligible upfront capital to drain millions in Ethereum-based assets.
The Mechanics of State Poisoning
The attack unfolded through a meticulous process of state poisoning, exploiting the protocol’s failure to clear its cache.
The perpetrator initiated over ten cycles of deposits and withdrawals using flash-loaned funds, deliberately leaving minute residual values in the packed_vbs storage slots.
This repetitive action poisoned the storage with accumulated data that persisted even after the attacker withdrew all legitimate liquidity, bringing the pool’s total supply to zero.
Crucially, the protocol’s add_liquidity function contained a fatal assumption: it presumed that a zero supply meant a pristine, empty pool.
When the attacker deposited their final 16 wei, the system read the stale, non-zero values from the poisoned cache instead of calculating based on the new deposit.
This miscalculation triggered the minting of septillions of LP tokens, granting the attacker absolute control over the pool’s assets, which were subsequently swapped for WETH and laundered through Tornado Cash.
This case serves as a stark reminder that complex DeFi systems require explicit state management to prevent such high-value exploits.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
Read more on Cyber Security News
