Yearn asks for money back after it accidentally loses part of its treasury

The incident happened after a “faulty multisig script” swapped Yearn’s entire treasury balance

article-image

Andre Cronje/Shutterstock modified by Blockworks

share

Updated Dec. 13, 2023 at 1:33 pm ET: Modified headline and context following Yearn clarification.

Thanks to a script error, Yearn lost part of its treasury.

While it initially posted that it lost 63% of the treasury, it corrected its GitHub post to say that it lost “63% of the LP value.” The clarification was made Wednesday after Blockworks published the initial figures.

“When factoring in the 779,958 yvDAI tokens received from this trade, the total loss experienced by Yearn’s treasury comes out to about 63%,” the post said initially.

This loss occurred when a malfunction in a multisig (multi-signature) script led to the unintended swap of Yearn’s treasury balance.

The company clarified that the funds were strictly from Yearn’s treasury, and not from any customer funds.

According to a post, a “faulty multisig script caused Yearn’s entire treasury balance of 3,794,894 lp-yCRVv2 tokens to be swapped.” The incident happened on Dec. 11. 

“This amount comprised a large portion of the Curve pool, and therefore incurred significant slippage which arbed back to the normal price by the market shortly after,” Yearn wrote.

“When factoring in the 779,958 yvDAI tokens received from this trade, the total loss experienced by Yearn’s treasury comes out to about 63%.”

The DeFi protocol is also asking “anyone who profitably arbed this mistake to return an amount that they feel is reasonable to Yearn’s main multisig ychad.eth.”

The post explained that multiple oversights led to the faulty transfer. The entire treasury balance, including fees, was transferred to the trading multisig, which sent the transaction to CoW Swap for 30 or so orders — including the one to swap the balance. 

Read more: Sorella and CoW Protocol have something in common: Making on-chain exchanges work better

The post said that the high volume of trades involved in this single transaction significantly complicated the process of human review, leading to the oversight not being caught in time.

“The script used by the trading multisig to swap tokens lacked sufficient output checks and contained a logical error that would have capped the trade size to a reasonable amount,” Yearn wrote.

The protocol put new checks in place to prevent the same error from happening again. These include segregating protocol-owned liquidity (POL) funds into separate entities, enhancing trading scripts with more human-readable output messages, and imposing “stricter price impact thresholds” during trades.

Earlier this year, Yearn was targeted in an attack. The attacker was able to make off with roughly $11 million in stablecoins. 

The attack happened when a vulnerability in a Yearn vault was exploited, allowing the attacker to access tether (USDT) deposits.

Using 10,000 USDT, the attacker then minted 1.2 quadrillion yUSDT — the Yearn-equivalent token — and swapped them for stablecoins using Curve Finance to bag $11.6 million.


Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
Tags

Upcoming Events

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates (5).png

Research

Outside of stablecoins, the value of tokenized assets sits below $20B, dominated by the following asset classes: private credit, US Treasuries, commodities, institutional alternative funds, stocks, non-US government debt, and corporate bonds. In the coming months, we see the greatest opportunities in the tokenization of illiquid markets, particularly private equity. However, the successful integration of offchain assets into blockchain ecosystems relies heavily on clear and consistent regulatory frameworks, with purpose-built infrastructure to support it.

article-image

The MicroStrategy founder understood digital scarcity long before Bitcoin, and it’s a story of bubbles, brokers and a “monster bull run.”

article-image

DAS panelists shared strong venture capital takeaways, from how big a raise should be to the role VCs play in the industry

article-image

Titan Exchange CEO Chris Chung says Titan bests Solana’s incumbent DEX aggregator Jupiter on price 80% of the time

article-image

The SEC’s newest statement on PoW mining adds further clarity, though a commissioner points out its limits

article-image

Markets react to Fed Chair Jerome Powell’s comments at yesterday’s FOMC meeting

article-image

At DAS, the US president noted he’s called upon Congress to enact “simple, common-sense rules” for stablecoins and market structure