Legacy Yearn Vault Exploited in Second Attack on the Protocol This Month

An iEarn vault from an earlier version of the veteran DeFi protocol was exploited for roughly $300,000, just weeks after Yearn lost $9 million.
By: Squiffs

Yield aggregator Yearn Finance finds itself licking its wounds after yet another exploit, this time to the tune of $300,000.

Security firm PeckShield confirmed the incident on Tuesday evening, Dec. 16, reporting that the exploiter was able to swap the stolen funds for 103 ETH, worth approximately $290,000 at current prices.

The recent hack is Yearn’s second in the last month, though today’s is much smaller than the $9 million loss at the beginning of the month.

About an hour after PeckShield reported the exploit, Yearn posted on its X account that the exploit was of an old contract belonging to an early version of Yearn called iEarn, and that current Yearn vaults weren’t affected:

“We're aware of an issue with iEarn's immutable TUSD contract, deployed over 2100 days ago, unrelated to Yearn vaults. The problem is exclusive to iEarn and does not impact current Yearn contracts or vaults.”

On-chain analyst and researcher Weilin Li reported that the hack was executed via a flash loan attack on the legacy protocol’s TUSD vault, which manipulated the iEarn-TUSD share price. Despite the attacker’s success, Li said they left just over $200,000 worth of sUSD inside of the TUSD vault, which is now locked.

Yearn is one of the earliest DeFi platforms, launched by Andre Cronje in early 2020, and one of the protocols that kicked off “DeFi summer” that year.

Yearn's YFI token is down over 6% on the news, and is now down nearly 70% over the last year.

YFI 24-hour price chart. Source: CoinGecko

Multiple Exploits

Yearn Finance reached its peak in December 2021, when its total value locked hit $7 billion, despite an $11 million hack in February of that year. However, the ecosystem began to unravel in 2022, with TVL dropping sharply, before eventually being exploited again in April 2023.

Yearn has had a bit of a comeback in 2025, with TVL growing from $250 million all the way back to $800 million in October, but the metric has been slowly falling off since the 10/10 liquidations. The protocol’s TVL currently sits at $562 million, a 124% increase on the year, but a 92% decrease from its all-time high.

Yearn Finance TVL. Source: DefiLlama
