Gate News message, April 6, on-chain investigator @tayvano_ posted and disclosed that North Korean IT workers had participated in building multiple well-known crypto protocols, with projects that can be traced back to the DeFi Summer era, including SushiSwap, THORChain, Harmony, Ankr, Shib, and Yearn. @tayvano_ also added that the “7 years of blockchain development experience” marked on these North Korean IT workers’ resumes is not false.

Golden Finance reports that, according to PeckShield monitoring, the official Yearn Finance account yearn announced that the platform was hacked, resulting in a total loss of approximately $300,000. The attacker has exchanged the stolen funds for 103 Ethereum, which are currently stored at the following address: 0x0F21

Odaily Planet Daily news: Yearn Finance has released a detailed post-mortem report on last week's yETH vulnerability attack, revealing that a three-stage numerical error existed in its legacy stableswap liquidity pool. This error allowed attackers to "mint unlimited" LP tokens and steal approximately $9 million worth of assets from the pool. Yearn confirmed that, with the assistance of the Plume and Dinero teams, it successfully recovered 857.49 pxETH, accounting for about a quarter of the stolen assets. The team plans to distribute the recovered funds proportionally to yETH depositors. The decentralized finance protocol stated that the vulnerability attack occurred at block 23,914,086 on November 30, 2025, during which the attacker used a complex sequence of operations to force the internal parser of the liquidity pool...

According to Jinse Finance, monitored by SlowMist, on December 1, the decentralized finance protocol Yearn suffered a hacker attack, resulting in a loss of approximately $9 million. The SlowMist security team analyzed the incident and confirmed the root cause as follows: The vulnerability originated from the calcsupply function logic used to calculate supply in the Yearn yETH Weighted Stableswap Pool contract. Due to unsafe mathematical operations, the function allowed overflow and rounding errors during computation, resulting in a significant deviation in the product calculation between the new supply and the virtual balance. Attackers exploited this flaw to manipulate liquidity to specific values and excessively mint liquidity pool (LP) tokens, thereby profiting illegally. It is recommended to enhance boundary scenario testing and adopt securely verified arithmetic mechanisms to prevent similar protocol vulnerabilities.

Golden Finance reported that PeckShield posted on the X platform, stating that yearn recovered $2.4 million by destroying the hacker's pxETH and minted the same amount of tokens on the RedactedCartel multisignature.

PANews, December 1st news, Yearn tweeted that the recent yETH-related attack did not affect the yCRV product.

PANews, December 1st news, according to PeckShieldAlert disclosed on X platform, Yearn Finance was attacked, and the hacker exhausted the fund pool through infinite minting of yETH, resulting in a loss of about 9 million USD. About 1,000 ETH (approximately 3 million USD) were transferred to Tornado Cash, and the attacker's Address still holds encryption assets worth approximately 6 million USD.

PANews, December 1st news, according to The Block, Yearn Finance's aggregated staking token product yETH was attacked. The attacker exploited a vulnerability to mint yETH almost without limit, depleting the pool's assets in a single transaction. On-chain data shows that the attacker subsequently transferred approximately 1000 ETH (about 3 million USD) into the mixing protocol Tornado Cash. Multiple contracts used for the attack self-destructed after the transaction. The specific scale of losses is still unclear, and Yearn stated that it is investigating the incident, along with its V2 and V3.

Foresight News reports that Yearn community members pointed out that Stream's losses stem from high leverage and opaque fund usage, emphasizing that DeFi projects need to prioritize standardization and risk management. Aave's founder warned that immutable oracles and interest rate curves could trigger a lending protocol crisis, calling for the development of a safe and robust DeFi ecosystem.