Yearn Finance suffered a major attack on November 30th, resulting in the theft of approximately $2.8 million worth of assets. The exploit involved a malicious wallet executing an infinite-mint attack that created an effectively unlimited supply of yETH tokens, enabling the attacker to drain liquidity from Balancer pools and cause significant financial losses. Nansen confirmed the incident, and preliminary investigations suggest the vulnerability was in the yETH token contract itself, not Yearn’s core Vault infrastructure. The stolen funds were subsequently laundered through Tornado Cash within minutes of the attack. While initial claims of a broader Yearn exploit triggered speculative short selling on YFI, which led to a sharp price spike, it later became clear that only yETH was affected, and core systems remained secure. 235 trillion yETH tokens were minted in a single transaction, marking one of the largest DeFi exploits ever reported.