BorsaDEX+
Kripto AlPiyasalarSpotVadeli İşlemler500XBirikimEtkinlikler
Daha Fazla
ELIZAOS Etkinliği
PeckShield says hackers minted unlimited yETH, drained a custom stETH/rETH pool, and laundered over $3 million in ETH through Tornado Cash.PeckShield says hackers minted unlimited yETH, drained a custom stETH/rETH pool, and laundered over $3 million in ETH through Tornado Cash.

Yearn Finance Loses $9M in Single-Transaction Exploit of yETH Vault

Yazar: CryptoPotatoKaynak: CryptoPotato
2025/12/01 18:34
FINANCE
FINANCE$0.0002069-7.05%
Lido Staked ETH
STETH$2,832.4-3.93%
Ethereum
ETH$2,835.17-3.80%

Yearn Finance has suffered a major security breach, resulting in the loss of approximately $9 million.

The exploit targeted a legacy stable swap pool associated with the protocol’s yETH token that allowed the hackers to mint an infinite number of coins.

Flaw in the yETH Contract

Blockchain security firm Peckshield was the first to flag the incident via X, stating, “Yearn Finance suffered an attack resulting in a total loss of ~$9M.”

According to the analysts, the attacker abused a critical vulnerability in the yETH token contract that let them mint fresh yETH without posting adequate collateral, effectively inflating the token supply at will. This loophole was then used to drain liquidity from a pool outside of Yearn’s core vault products.

Targeted in the exploit was a custom-built contract designed to aggregate staked Ethereum derivatives such as stETH and rETH. The protocol later shared that the yUSND pool and Nerite’s vaults remained secure and were not impacted by the protocol failure. Following the attack, those responsible then laundered over $3 million in stolen ETH through Tornado Cash. Meanwhile, the remaining $6 million in various staked Ethereum assets remain in their wallet address (0xa80d…c822) as of the latest blockchain scans.

Yearn also confirmed the compromise on X. It reported that $0.9 million was lost from the yETH-WETH stableswap pool on Curve, while an additional $8 million was drained from the affected pool. Impacted users were also advised to open a support ticket on the project’s Discord.

Early Investigation Findings

The platform announced that it has assembled a war room, comprising SEAL911 and its audit partner, Chain Security, with a full postmortem investigation underway.

Early findings suggest that the incident shares a similar level of technical complexity with the recent Balancer hack. That unauthorized access resulted in more than $120 million being stolen across the platform’s main protocol and several forks.

On-chain analysts traced the Balancer event to a precision-loss bug in the integer fixed-point arithmetic used to calculate scaling factors within Composable Stable Pools, which are optimized for near-parity asset pairs like USDC/USDT or WETH/stETH.

SlowMist later shared that the flaw led to subtle but repeated price discrepancies during swaps, particularly when attackers executed multiple operations within a single transaction using the batch swap function.

Meanwhile, Yearn’s incident follows shortly after Korean exchange Upbit suffered its own security lapse, which resulted in the loss of $50 million in Ethereum.

The post Yearn Finance Loses $9M in Single-Transaction Exploit of yETH Vault appeared first on CryptoPotato.

Piyasa Fırsatı
FINANCE Logosu
FINANCE Fiyatı(FINANCE)
$0.0002069
$0.0002069$0.0002069
-0.28%
USD
FINANCE (FINANCE) Canlı Fiyat Grafiği
Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen [email protected] ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.

Ayrıca Şunları da Beğenebilirsiniz

Optum Golf Channel Games Debut In Prime Time

Optum Golf Channel Games Debut In Prime Time

The post Optum Golf Channel Games Debut In Prime Time appeared on BitcoinEthereumNews.com. FARMINGDALE, NEW YORK – SEPTEMBER 28: (L-R) Scottie Scheffler of Team
Paylaş
BitcoinEthereumNews2025/12/18 07:21
Google's AP2 protocol has been released. Does encrypted AI still have a chance?

Google's AP2 protocol has been released. Does encrypted AI still have a chance?

Following the MCP and A2A protocols, the AI Agent market has seen another blockbuster arrival: the Agent Payments Protocol (AP2), developed by Google. This will clearly further enhance AI Agents' autonomous multi-tasking capabilities, but the unfortunate reality is that it has little to do with web3AI. Let's take a closer look: What problem does AP2 solve? Simply put, the MCP protocol is like a universal hook, enabling AI agents to connect to various external tools and data sources; A2A is a team collaboration communication protocol that allows multiple AI agents to cooperate with each other to complete complex tasks; AP2 completes the last piece of the puzzle - payment capability. In other words, MCP opens up connectivity, A2A promotes collaboration efficiency, and AP2 achieves value exchange. The arrival of AP2 truly injects "soul" into the autonomous collaboration and task execution of Multi-Agents. Imagine AI Agents connecting Qunar, Meituan, and Didi to complete the booking of flights, hotels, and car rentals, but then getting stuck at the point of "self-payment." What's the point of all that multitasking? So, remember this: AP2 is an extension of MCP+A2A, solving the last mile problem of AI Agent automated execution. What are the technical highlights of AP2? The core innovation of AP2 is the Mandates mechanism, which is divided into real-time authorization mode and delegated authorization mode. Real-time authorization is easy to understand. The AI Agent finds the product and shows it to you. The operation can only be performed after the user signs. Delegated authorization requires the user to set rules in advance, such as only buying the iPhone 17 when the price drops to 5,000. The AI Agent monitors the trigger conditions and executes automatically. The implementation logic is cryptographically signed using Verifiable Credentials (VCs). Users can set complex commission conditions, including price ranges, time limits, and payment method priorities, forming a tamper-proof digital contract. Once signed, the AI Agent executes according to the conditions, with VCs ensuring auditability and security at every step. Of particular note is the "A2A x402" extension, a technical component developed by Google specifically for crypto payments, developed in collaboration with Coinbase and the Ethereum Foundation. This extension enables AI Agents to seamlessly process stablecoins, ETH, and other blockchain assets, supporting native payment scenarios within the Web3 ecosystem. What kind of imagination space can AP2 bring? After analyzing the technical principles, do you think that's it? Yes, in fact, the AP2 is boring when it is disassembled alone. Its real charm lies in connecting and opening up the "MCP+A2A+AP2" technology stack, completely opening up the complete link of AI Agent's autonomous analysis+execution+payment. From now on, AI Agents can open up many application scenarios. For example, AI Agents for stock investment and financial management can help us monitor the market 24/7 and conduct independent transactions. Enterprise procurement AI Agents can automatically replenish and renew without human intervention. AP2's complementary payment capabilities will further expand the penetration of the Agent-to-Agent economy into more scenarios. Google obviously understands that after the technical framework is established, the ecological implementation must be relied upon, so it has brought in more than 60 partners to develop it, almost covering the entire payment and business ecosystem. Interestingly, it also involves major Crypto players such as Ethereum, Coinbase, MetaMask, and Sui. Combined with the current trend of currency and stock integration, the imagination space has been doubled. Is web3 AI really dead? Not entirely. Google's AP2 looks complete, but it only achieves technical compatibility with Crypto payments. It can only be regarded as an extension of the traditional authorization framework and belongs to the category of automated execution. There is a "paradigm" difference between it and the autonomous asset management pursued by pure Crypto native solutions. The Crypto-native solutions under exploration are taking the "decentralized custody + on-chain verification" route, including AI Agent autonomous asset management, AI Agent autonomous transactions (DeFAI), AI Agent digital identity and on-chain reputation system (ERC-8004...), AI Agent on-chain governance DAO framework, AI Agent NPC and digital avatars, and many other interesting and fun directions. Ultimately, once users get used to AI Agent payments in traditional fields, their acceptance of AI Agents autonomously owning digital assets will also increase. And for those scenarios that AP2 cannot reach, such as anonymous transactions, censorship-resistant payments, and decentralized asset management, there will always be a time for crypto-native solutions to show their strength? The two are more likely to be complementary rather than competitive, but to be honest, the key technological advancements behind AI Agents currently all come from web2AI, and web3AI still needs to keep up the good work!
Paylaş
PANews2025/09/18 07:00
Read Trend And Momentum Across Markets

Read Trend And Momentum Across Markets

The post Read Trend And Momentum Across Markets appeared on BitcoinEthereumNews.com. Widely used in technical analysis, the MACD indicator helps traders read trend
Paylaş
BitcoinEthereumNews2025/12/18 07:14