Audit log

Every state-changing event for Yearn Ether: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-26 18:37:06Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,339,839

   sig

   2FWVMtszCiXL…RaHSwej9copyexplorer ↗

   hash

   H5KrduXCTKwn…TiZCuseVcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (7957 B) ▸

   {"actor":"system:backfill","investigation_id":"5ba41826-a316-4076-b123-f3b41fc76057","kind":"publish","page_slug":"yearn-ether","published_at":"2026-05-26T18:37:06.847Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Yearn Ether","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://research.checkpoint.com/2025/16-wei/","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/9-million-stolen-analysis-of-the-yearn-yeth-pool-vulnerability-557237092054","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/yearn-finance-suffers-usd9-million-exploit","type":"other","url":""},{"credibility":3,"name":"https://coinpaper.com/12778/yearn-finance-hit-by-9-m-y-eth-exploit-attacker-funnels-eth-through-tornado-cash","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/yearn-finance-yeth-exploit-3m-sent-tornado-cash-2025/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://research.checkpoint.com/2025/16-wei/","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/9-million-stolen-analysis-of-the-yearn-yeth-pool-vulnerability-557237092054","type":"other","url":""},{"credibility":3,"name":"https://www.chainsecurity.com/security-audit/yearn-yeth-smart-contracts","type":"other","url":""},{"credibility":3,"name":"https://www.infosecurity-magazine.com/news/yearn-finance-yeth-pool-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://gov.yearn.fi/t/yip-90-yeth-optimistic-recovery-plan/14573","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/yearn-finance-recovers-2-4m-yeth-exploit-2025/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/yearn-finance-begins-clawback-after-9m-hack/","type":"other","url":""},{"credibility":3,"name":"https://gov.yearn.fi/t/yip-72-launch-yeth/13158","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2021/02/04/yearn-finance-dai-vault-has-suffered-an-exploit-11m-drained","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/04/13/defi-protocols-aave-yearn-finance-likely-impacted-in-exploit-peckshield","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-yearn-finance-hack-april-2023","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/hackers-mint-1-quadrillion-yusdt-in-11-6m-yearn-finance-exploit/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/yearn-finance-hit-by-fourth-exploit-as-attacker-drains-legacy-v1-vault/","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/yearn-finance-exploit-4","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/yearn-finance-tusd-vault-hacked/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://finance.yahoo.com/news/yearn-finance-yeth-suffers-major-044612480.html","type":"other","url":""},{"credibility":3,"name":"https://coinpaper.com/12778/yearn-finance-hit-by-9-m-y-eth-exploit-attacker-funnels-eth-through-tornado-cash","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/yearn-finance-yeth-exploit-3m-sent-tornado-cash-2025/","type":"other","url":""},{"credibility":3,"name":"https://coinlaw.io/yearn-finance-3m-exploit-tornado-cash/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://gov.yearn.fi/t/yip-72-launch-yeth/13158","type":"other","url":""},{"credibility":3,"name":"https://gov.yearn.fi/t/yip-90-yeth-optimistic-recovery-plan/14573","type":"other","url":""},{"credibility":3,"name":"https://99bitcoins.com/news/altcoins/everything-you-need-to-know-about-yearn-finance-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605101839","type":"other","url":""},{"credibility":3,"name":"https://research.checkpoint.com/2025/16-wei/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/381740/yearn-finance-9-million-yeth-exploit-confirms-partial-recovery-outlines-remediation","type":"other","url":""}]}],"sources_used":[],"summary":"Yearn Ether (yETH) is a liquid staking token aggregation vault developed by Yearn Finance, launched under YIP-72 as a self-governed, permissionless product. On November 30, 2025, the yETH weighted stableswap pool was exploited via an arithmetic underflow and stale cache vulnerability, resulting in approximately $9 million in losses — the third major security incident involving a Yearn product since 2021. Approximately $2.4 million was partially recovered; roughly $6.6 million remains unrecovered, with a significant portion laundered through Tornado Cash.","timeline":[{"date":"2020-07-17","event":"Yearn Finance launches, founded by Andre Cronje. YFI governance token distributed with no pre-mine or team allocation.","source":""},{"date":"2021-02-04","event":"Yearn v1 DAI vault exploited via flash loan attack across 160 nested transactions. $11 million drained from vault; attacker nets approximately $2.8 million. Tether freezes $1.7 million USDT.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2021/02/04/yearn-finance-dai-vault-has-suffered-an-exploit-11m-drained"},{"date":"2023-04-13","event":"Legacy yUSDT contract exploited due to misconfigured Fulcrum address. Attacker mints 1.2 quadrillion yUSDT; approximately $11.54 million drained and laundered via Tornado Cash. V2 vaults unaffected.","source":"CoinDesk / Halborn","source_url":"https://www.coindesk.com/business/2023/04/13/defi-protocols-aave-yearn-finance-likely-impacted-in-exploit-peckshield"},{"date":"2023-03-13","event":"Yearn Finance suffers estimated $1.4 million indirect loss from Euler Finance attack.","source":"Web3 Is Going Great","source_url":"https://www.web3isgoinggreat.com/single/yearn-finance-hack-2023"},{"date":"2025-11-30","event":"yETH weighted stableswap pool exploited at block 23,914,086 (~21:11 UTC). Attacker deposits 16 wei, mints 235 septillion yETH via stale cache + arithmetic underflow vulnerability. Approximately $9 million in LSTs drained.","source":"The Defiant / Check Point Research","source_url":"https://thedefiant.io/news/defi/yearn-finance-suffers-usd9-million-exploit"},{"date":"2025-12-01","event":"Yearn Finance coordinates with Plume and Dinero teams to recover 857.49 pxETH ($2.39 million). Attacker transfers first batches totaling 1,000 ETH to Tornado Cash in 100 ETH increments.","source":"crypto.news / coinpaper","source_url":"https://crypto.news/yearn-finance-recovers-2-4m-yeth-exploit-2025/"},{"date":"2025-12-17","event":"Yearn v1 legacy TUSD vault ('iearn TUSD') exploited via flash loan donation attack for approximately $300,000 (~103 ETH). Fourth exploit of a Yearn product in recent history.","source":"crypto.news / web3isgoinggreat","source_url":"https://crypto.news/yearn-finance-hit-by-fourth-exploit-as-attacker-drains-legacy-v1-vault/"},{"date":"2025-12-01","event":"Yearn publishes official yETH exploit post-mortem and announces technical remediation plan.","source":"Yearn Finance (X/Twitter)","source_url":"https://x.com/yearnfi/status/1997110690763661805"},{"date":"2026-01-01","event":"YIP-90 'yETH Optimistic Recovery Plan' proposed. Treasury to deploy ~1,600 ETH in yield-bearing strategies to fund gradual depositor restitution; immediate recovery floor set at approximately 30.38% of pre-exploit positions.","source":"Yearn Governance Forum","source_url":"https://gov.yearn.fi/t/yip-90-yeth-optimistic-recovery-plan/14573"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 6e8e17fc-1117-4c87-b637-06ab8f6b39eecopy
2. #2reviewby reviewerreviewer

   2026-06-13 20:23:28Z
   Score: 28 → 28 (no score change)
   The page's core factual claims are well-supported by multiple credible independent sources. The main issues are: (1) the YIP-90 date in the timeline is listed as 2026-01-01 but the proposal was published December 12, 2025; (2) characterizing the yETH exploit as 'the third major security incident since 2021' is imprecise given the timeline also documents a fourth exploit occurring after the yETH incident; (3) the 2023 yUSDT laundering claim overstates Tornado Cash involvement; and (4) the platform launch date entry conflates the February 2020 protocol launch with the July 2020 YFI token launch. No claims are outright disputed or unverifiable. The structural absence of content in all seven page sections is a significant coverage gap.
   anchoranchored

   chain

   ●mainnet-betaslot 426,270,678

   sig

   ZsdJRQaTsdzE…qetFYrwJcopyexplorer ↗

   hash

   51sBCFSRsFi5…1b5H3LiVcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1088 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-13T20:23:27.945Z","decision":"review","investigation_id":"5ba41826-a316-4076-b123-f3b41fc76057","new_score":28,"page_slug":"yearn-ether","prev_score":28,"reason":"The page's core factual claims are well-supported by multiple credible independent sources. The main issues are: (1) the YIP-90 date in the timeline is listed as 2026-01-01 but the proposal was published December 12, 2025; (2) characterizing the yETH exploit as 'the third major security incident since 2021' is imprecise given the timeline also documents a fourth exploit occurring after the yETH incident; (3) the 2023 yUSDT laundering claim overstates Tornado Cash involvement; and (4) the platform launch date entry conflates the February 2020 protocol launch with the July 2020 YFI token launch. No claims are outright disputed or unverifiable. The structural absence of content in all seven page sections is a significant coverage gap.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 1eb52813-1c18-4e3b-bb22-20144aeebfafcopy
3. #3review approveby judgejudge

   2026-06-13 20:23:28Z
   Score: 28 → 28 (no score change)
   No claims were outright disputed across 14 checked findings. Four claims are partially_supported rather than confirmed, but each involves a precision issue rather than a contested allegation: claim_findings[1] involves competing technical framings of the same vulnerability root cause; claim_findings[3] hinges on how 'major incident' is counted; claim_findings[7] overstates Tornado Cash involvement for 2023 yUSDT funds; and claim_findings[5] conflates the July 2020 YFI token launch date with the February 2020 protocol launch. None of these undermine the page's core factual record of the November 2025 exploit, its financial impact, or the recovery timeline. The high-priority coverage gap noting empty section content is a structural expansion item, not a factual accuracy problem, and does not affect approval under review policy.
   anchoranchored

   chain

   ●mainnet-betaslot 426,270,696

   sig

   65i7wvi73GmM…M7Nrf2hucopyexplorer ↗

   hash

   316QN1H6WWGA…ujhXzAHRcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1189 B) ▸

   {"actor":"judge","decided_at":"2026-06-13T20:23:27.945Z","decision":"review_approve","investigation_id":"5ba41826-a316-4076-b123-f3b41fc76057","new_score":28,"page_slug":"yearn-ether","prev_score":28,"reason":"No claims were outright disputed across 14 checked findings. Four claims are partially_supported rather than confirmed, but each involves a precision issue rather than a contested allegation: claim_findings[1] involves competing technical framings of the same vulnerability root cause; claim_findings[3] hinges on how 'major incident' is counted; claim_findings[7] overstates Tornado Cash involvement for 2023 yUSDT funds; and claim_findings[5] conflates the July 2020 YFI token launch date with the February 2020 protocol launch. None of these undermine the page's core factual record of the November 2025 exploit, its financial impact, or the recovery timeline. The high-priority coverage gap noting empty section content is a structural expansion item, not a factual accuracy problem, and does not affect approval under review policy.","score_delta":0,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision a4a72b50-ac9e-4a52-9ea1-c8fdecf71f97copy
4. #4reviewby reviewerreviewer

   2026-06-14 23:15:47Z
   Score: 28 → 28 (no score change)
   Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Yearn Ether (yETH) is the liquid staking vault product of Yearn Finance, a legitimate and long-running DeFi yield aggregator founded in 2020 with a verifiably fair token launch. All four loss events cited on the page — the 2021 DAI flash loan exploit, the 2023 Euler indirect exposure, the 2023 yUSDT legacy misconfiguration exploit, and the 2025 yETH arithmetic underflow — were external attacks on legacy or specific contracts; Yearn's current v2/v3 infrastructure was unaffected in each case and holds $150M+ TVL. The protocol responded to each incident with public post-mortems, treasury-backed recovery plans (YIP-90 deploys ~1,600 ETH), and governance votes — behaviour characteristic of a legitimate operator, not a scammer. The current score of 28/WARNING is misaligned: WARNING implies elevated fraud risk or an unresolved severe incident, but the incidents are externally attributed and under active remediation. The correct band is CAUTIONARY (50-69) to signal material security history and meaningful unrecovered losses (~$6.6M from the 2025 exploit still outstanding), while acknowledging this is a legitimate protocol with no regulatory sanctions and ongoing active operation.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,264

   sig

   3s5eh5QevahH…dZ3K36MTcopyexplorer ↗

   hash

   4qpCMwYpGRkq…hxoYa3oScopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1679 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-14T23:15:46.966Z","decision":"review","investigation_id":"5ba41826-a316-4076-b123-f3b41fc76057","new_score":28,"page_slug":"yearn-ether","prev_score":28,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Yearn Ether (yETH) is the liquid staking vault product of Yearn Finance, a legitimate and long-running DeFi yield aggregator founded in 2020 with a verifiably fair token launch. All four loss events cited on the page — the 2021 DAI flash loan exploit, the 2023 Euler indirect exposure, the 2023 yUSDT legacy misconfiguration exploit, and the 2025 yETH arithmetic underflow — were external attacks on legacy or specific contracts; Yearn's current v2/v3 infrastructure was unaffected in each case and holds $150M+ TVL. The protocol responded to each incident with public post-mortems, treasury-backed recovery plans (YIP-90 deploys ~1,600 ETH), and governance votes — behaviour characteristic of a legitimate operator, not a scammer. The current score of 28/WARNING is misaligned: WARNING implies elevated fraud risk or an unresolved severe incident, but the incidents are externally attributed and under active remediation. The correct band is CAUTIONARY (50-69) to signal material security history and meaningful unrecovered losses (~$6.6M from the 2025 exploit still outstanding), while acknowledging this is a legitimate protocol with no regulatory sanctions and ongoing active operation.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 0adf9c83-197d-4802-a74f-11b948fa2e5dcopy
5. #5review approveby judgejudge

   2026-06-14 23:15:47Z
   Score: 28 → 58 (+30)
   This was a severity-calibration review, not a fact-dispute review. The reviewer found zero disputed claims across all six claim_findings — every factual assertion on the page is supported, including the fair-launch founding (claim_findings[0]), the external-attacker attribution for all four loss events (claim_findings[1], claim_findings[4]), the active remediation via YIP-90 and post-mortems (claim_findings[2]), and the confirmed absence of regulatory sanctions with $151M active TVL (claim_findings[5]). The page's own language frames Yearn as a victim of third-party exploits, which directly contradicts the WARNING band (score 28) it currently holds — WARNING implies elevated fraud risk or an unresolved severe incident, neither of which applies here. The reviewer's recommended score of 58 (CAUTIONARY band) correctly signals a meaningful security history and approximately $6.6M in unrecovered losses from the 2025 yETH exploit, while distinguishing hack-victim attribution from fraud. A positive delta of +30 moves the score from 28 to 58, aligning published severity with verified facts. The page is accurate and must remain published.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,266

   sig

   yxgXqnP98maK…fJNRfrnYcopyexplorer ↗

   hash

   CoTnQxNHzVag…C9iToEZfcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1500 B) ▸

   {"actor":"judge","decided_at":"2026-06-14T23:15:46.966Z","decision":"review_approve","investigation_id":"5ba41826-a316-4076-b123-f3b41fc76057","new_score":58,"page_slug":"yearn-ether","prev_score":28,"reason":"This was a severity-calibration review, not a fact-dispute review. The reviewer found zero disputed claims across all six claim_findings — every factual assertion on the page is supported, including the fair-launch founding (claim_findings[0]), the external-attacker attribution for all four loss events (claim_findings[1], claim_findings[4]), the active remediation via YIP-90 and post-mortems (claim_findings[2]), and the confirmed absence of regulatory sanctions with $151M active TVL (claim_findings[5]). The page's own language frames Yearn as a victim of third-party exploits, which directly contradicts the WARNING band (score 28) it currently holds — WARNING implies elevated fraud risk or an unresolved severe incident, neither of which applies here. The reviewer's recommended score of 58 (CAUTIONARY band) correctly signals a meaningful security history and approximately $6.6M in unrecovered losses from the 2025 yETH exploit, while distinguishing hack-victim attribution from fraud. A positive delta of +30 moves the score from 28 to 58, aligning published severity with verified facts. The page is accurate and must remain published.","score_delta":30,"sequence_num":5,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 2b3ff9ed-ce7d-4d44-95ca-628aaff4037ecopy