A complex exploit targeting Yearn Finance’s legacy yETH pools resulted in a loss of approximately $9 million on Sunday. The attacker exploited a vulnerability within the pool’s minting logic, creating near-infinite amounts of yETH tokens, which were then used to drain real liquidity from various Curve and stableswap pools. Despite this attack, Yearn confirmed that its newer products (V2 and V3) remain unaffected. A recovery mission is currently underway in collaboration with external security teams, with approximately $2.4 million in assets already recovered. 857.49 pxETH has been reclaimed as part of the effort. The protocol notes the attack targeted a legacy contract and emphasizes its impact only extends to this pool. The incident highlights the vulnerability of older DeFi contracts and the need for continued vigilance against such attacks.