Yearn Finance详述900万美元yETH漏洞攻击,确认部分资产恢复并公布修复计划
Odaily星球日报讯 Yearn Finance 发布了针对上周 yETH 漏洞攻击的详细事后报告,指出其遗留的 stableswap 流动性池中存在一个三阶段数值错误,该错误导致攻击者能够“无限铸造”LP 代币,并从该流动性池中盗取了约 900 万美元资产。
Yearn 确认,已在 Plume 和 Dinero 团队的协助下,成功追回 857.49 枚 pxETH,约占被盗资产的四分之一。团队计划将追回的资金按比例分配给 yETH 的储户。
该去中心化金融协议表示,该漏洞攻击发生在 2025 年 11 月 30 日的区块 23,914,086,攻击者通过复杂的操作序列,迫使流动性池的内部解析器进入发散状态,并最终触发算术下溢。该攻击目标是聚合多种流动性质押代币(LSTs)的自定义 stableswap 池,以及一个 yETH/WETH Curve 池。Yearn 强调,其 v2 和 v3 保险库及其他产品未受影响。
为解决这些问题,Yearn 公布了修复计划,包括在解析器上实施明确的域检查、用受检查的算术代替关键部分中的不安全算术、以及在池上线后禁用引导逻辑等。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Blockbeats•47d agoThe dYdX community voted to approve the "phasing out 12 markets" proposal
Blockbeats•48d agoOn-chain investigator: A large number of North Korean IT workers are deeply involved in building blockchain protocols, dating back to DeFi Summer in 2020
Blockbeats•121d agoBinance will delist spot trading pairs such as AI/BTC, ALLO/BNB, APE/BTC, etc
Odaily•121d agoBinance will remove 20 spot trading pairs, including AI/BTC, on January 23, 2026
Wu Blockchain•144d agoLookonchain: Suspected Indexed Finance and Kyber attacker associated addresses are active again after 1 year of silence
PANews•144d agoIndexed Finance and Kyber Network hacked linked wallets to sell about $2.11 million in assets again after a year
ChainCatcher•144d agoWallets linked to Indexed Finance and Kyber Network hackers dumped $2.11 million in tokens after 1 year of dormancy
Odaily•144d agoWallets linked to Indexed Finance and Kyber Network hackers sold $2.11 million in tokens after one year of dormancy
ChainCatcher•166d agoYearn Finance details the $9 million yETH exploit, confirms the recovery of some assets, and announces a repair plan
ChainCatcher•169d agoSlow Mist: The root cause of the yearn attack is the insecure math of the Yearn yETH pool contract