Hello everyone,
This past week has been extremely difficult for everyone affected by the yETH exploit. Many contributors were also yETH depositors, and we share the impact of this event personally. Since the incident, multiple teams across the ecosystem have been working around the clock to reconstruct exactly what happened, preserve evidence, recover assets, and build a clear path forward.
Current recovery status
We have successfully recovered 857.49 pxETH (~25% of the drained assets) with the assistance of the Plume and Dinero teams. These recovered funds will be distributed pro rata to all yETH depositors based on balances immediately prior to the exploit. A clear, secure claiming process will be published once the implementation is complete.
If additional funds are returned, whether by the exploiter or through further coordinated recovery, they will also be distributed pro rata.
Nothing is required from users at this stage. Please avoid interacting with unofficial links or forms.
Crucial safety warning
Snapshots have been taken at the block immediately preceding the exploit.
- Do not buy yETH or st-yETH: Because the underlying LST assets in the pool were drained, both tokens should now be treated as having no remaining economic value.
- No action is required: Buying, selling, unstaking, or moving tokens now will not change your claim amount.
- Eligibility is already fixed: Your claim is determined solely by the on-chain state before the exploit.
Understanding yETH governance
Under YIP-72, yETH is a self-governed, permissionless product whose treasury and accounting are controlled by its depositors, not the Yearn DAO or YFI token holders. This means:
- Contributors cannot unilaterally mint, reimburse, or modify user positions.
- Any action beyond distributing recovered funds requires community governance and must take into account the scale of losses and the product’s design.
We are evaluating all possible paths within these governance constraints and will communicate openly as options become clearer.
Next steps
Our priorities now are:
- Maximizing recovery of remaining assets
- Publishing a clear, technically accurate post-mortem of the exploit
- Providing a fair remediation and claims process for affected depositors
- Hardening all invariant math, numerical guards, and architectural review processes across our protocols and teams
We will continue to provide updates as they become available.
We know this has been a devastating event. Thank you for your patience, your feedback, and your resilience as we work through this together.