Skip to main content
Sign in
Yearn Finance5 decisions on this page

Audit log

Every state-changing event for Yearn Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-25 17:34:26Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,113,848
    sig
    4epzrdvdWmbS…UY4WUxPgexplorer ↗
    hash
    59ENnPHEHgyv…UsV4MLdcsha256 → base58
    verifying row…full verify ↗
    canonical bytes (8334 B) ▸
    {"actor":"system:backfill","investigation_id":"4d531127-e978-430c-8f36-6eac186ef860","kind":"publish","page_slug":"yearn-finance","published_at":"2026-05-25T17:34:26.834Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Yearn Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.gemini.com/cryptopedia/what-is-yearn-finance-yfi-coin-yearnfinance","type":"other","url":""},{"credibility":3,"name":"https://messari.io/asset/yearn-finance/profile/governance","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2021/02/04/yearn-finance-dai-vault-has-suffered-an-exploit-11m-drained","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-yearn-v1-ydai-hack-feb-2021","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/yearn-finance-puts-expanded-treasury-to-use-by-repaying-victims-of-11m-hack","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/yearn-finance-iearn-vault-hacked","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://therecord.media/hackers-steal-130-million-from-cream-finance-the-companys-3rd-hack-this-year","type":"other","url":""},{"credibility":3,"name":"https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/84840/behind-defi-war-words-aave-yearn","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.dlnews.com/articles/defi/defi-partners-clash-over-32m-bad-debt-iron-bank-alpha-homora/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/216536/iron-bank-freezes-alpha-homora-lending-accounts-over-bad-debt-dispute","type":"other","url":""},{"credibility":3,"name":"https://www.benzinga.com/markets/cryptocurrency/23/03/31193198/iron-bank-calls-on-alpha-homora-to-take-responsibility-for-bad-debt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=yearn-treasury-swap","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/267483/yearn-finance-says-faulty-script-wiped-out-63-of-treasury","type":"other","url":""},{"credibility":3,"name":"https://unchainedcrypto.com/1-4-million-wiped-out-from-yearn-finance-treasury/","type":"other","url":""},{"credibility":3,"name":"https://github.com/yearn/yearn-security/blob/master/disclosures/2023-12-11.md","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.dlnews.com/articles/defi/yearn-finance-looted-for-9m-after-attacker-minted-trillions/","type":"other","url":""},{"credibility":3,"name":"https://research.checkpoint.com/2025/16-wei/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/381740/yearn-finance-9-million-yeth-exploit-confirms-partial-recovery-outlines-remediation","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/yearn-finance-hit-by-fourth-exploit-as-attacker-drains-legacy-v1-vault/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/yearn-finance-tusd-vault-hacked/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptoslate.com/how-sec-scrutiny-pushed-defi-innovator-andre-cronje-to-quit-in-2022/","type":"other","url":""},{"credibility":3,"name":"https://blockonomi.com/andre-cronje-reveals-sec-investigation-behind-2022-defi-departure/","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/people/andre-cronje-yearn-finance-quits-defi-fantom","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2021/02/02/yearn-finance-votes-to-inflate-yfi-token-supply-by-20","type":"other","url":""},{"credibility":3,"name":"https://medium.com/coinmonks/new-yearn-governance-structure-9090329838ea","type":"other","url":""},{"credibility":3,"name":"https://docs.yearn.finance/contributing/governance/governance-and-operations","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.onesafe.io/blog/yearn-finance-exploit-security-breach-defi","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/yearn-finance-hit-by-fourth-exploit-as-attacker-drains-legacy-v1-vault/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-yearn-v1-ydai-hack-feb-2021","type":"other","url":""}]}],"sources_used":[],"summary":"Yearn Finance is a decentralized yield aggregator on Ethereum that routes user deposits into lending protocols to maximize returns. Founded by Andre Cronje in 2020, the protocol has suffered at least four documented security exploits between 2021 and 2025, with aggregate losses exceeding $20 million, and its founder departed in 2022 citing sustained pressure from an SEC investigation. Governance concerns, an interconnected web of affiliated DeFi protocols implicated in their own major hacks, and repeated failures to deprecate vulnerable legacy code compound the protocol's risk profile.","timeline":[{"date":"2020-07-17","event":"Andre Cronje launches Yearn Finance and distributes the YFI governance token via a fair launch with no pre-mine or founder allocation.","source":""},{"date":"2020-11-01","event":"Yearn enters strategic partnership with Cream Finance, forming broad DeFi ecosystem alliances; Iron Bank uncollateralized lending to whitelisted protocols introduced.","source":""},{"date":"2021-02-02","event":"Governance vote passes to mint 6,666 additional YFI tokens (approximately 20% supply inflation), sparking community debate about token dilution.","source":""},{"date":"2021-02-04","event":"Yearn v1 yDAI vault exploited via flash-loan-based Curve 3pool price manipulation; approximately $11 million in losses, with $2.8 million extracted by the attacker. Yearn responds within 11 minutes.","source":""},{"date":"2021-02-13","event":"A second exploit targets the legacy Yearn iearn vault within the same month, compounding concerns over undecommissioned legacy contracts.","source":""},{"date":"2021-02-27","event":"Alpha Homora exploited via Iron Bank; over $37 million drained; Alpha Homora agrees to repay Iron Bank via fee-sharing and ALPHA token collateral.","source":""},{"date":"2021-03-01","event":"Yearn uses YFI from treasury to open a MakerDAO vault and mint 9.7 million DAI, making yDAI vault depositors whole following the February exploit.","source":""},{"date":"2021-10-27","event":"Cream Finance suffers its third hack of the year; approximately $130 million stolen via flash loan exploit that technically involved Yearn's yUSD oracle, prompting a public dispute between Yearn, Cream, and Aave communities.","source":""},{"date":"2022-03-06","event":"Andre Cronje and Anton Nell announce their departure from DeFi and Yearn Finance; YFI falls approximately 13-14%. Cronje later attributes the decision to an SEC investigation begun in 2021.","source":""},{"date":"2023-03-01","event":"Iron Bank unilaterally modifies smart contracts to freeze Alpha Homora's lending accounts over approximately $32 million in unresolved bad debt, citing protection of depositors including Yearn Finance.","source":""},{"date":"2023-12-11","event":"A faulty multisig script causes Yearn's treasury to swap its entire lp-yCRVv2 balance rather than only earned fees, incurring a 63% slippage loss worth approximately $1.4 million.","source":""},{"date":"2025-11-30","event":"Yearn Finance yETH weighted stableswap pool exploited; attacker mints 235 septillion yETH tokens by depositing 16 wei, draining approximately $9 million. Stolen funds laundered through Tornado Cash within hours.","source":""},{"date":"2025-12-17","event":"Fourth exploit in weeks: Yearn v1 legacy TUSD vault drained via donation attack against a misconfigured Fulcrum sUSD strategy; approximately $300,000 lost.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision c0924922-3578-4fc1-8f2f-e9171c6fdaf2
  2. #2reviewby reviewerreviewer
    2026-06-13 21:16:32Z
    Score: 3232 (no score change)
    The page's core narrative — that Yearn Finance suffered multiple security exploits between 2021 and 2025 and that its founder departed due to SEC pressure — is well supported by reputable independent sources. However, two material errors undermine reliability: the Alpha Homora exploit date is wrong by two weeks (page says February 27, 2021; confirmed date is February 13, 2021), and the February 13, 2021 timeline entry claiming a second Yearn iearn vault exploit appears to conflate a December 2025 event with 2021, introducing a phantom timeline entry. The 'four exploits' count and '>$20M aggregate losses' figures require careful qualification as vault-level losses rather than attacker profits. All nine page sections are structurally empty, limiting the review to the summary and timeline.
    anchoranchored
    chain
    mainnet-betaslot 426,278,688
    sig
    3tCFh2Lsp1Ck…NZfKHn4dexplorer ↗
    hash
    DKGkbx7j4HR7…A6Tk3etEsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1146 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-13T21:16:32.154Z","decision":"review","investigation_id":"4d531127-e978-430c-8f36-6eac186ef860","new_score":32,"page_slug":"yearn-finance","prev_score":32,"reason":"The page's core narrative — that Yearn Finance suffered multiple security exploits between 2021 and 2025 and that its founder departed due to SEC pressure — is well supported by reputable independent sources. However, two material errors undermine reliability: the Alpha Homora exploit date is wrong by two weeks (page says February 27, 2021; confirmed date is February 13, 2021), and the February 13, 2021 timeline entry claiming a second Yearn iearn vault exploit appears to conflate a December 2025 event with 2021, introducing a phantom timeline entry. The 'four exploits' count and '>$20M aggregate losses' figures require careful qualification as vault-level losses rather than attacker profits. All nine page sections are structurally empty, limiting the review to the summary and timeline.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 97b495a8-433f-4906-8a8f-35b257bb944e
  3. #3review reviseby judgejudge
    2026-06-13 21:16:32Z
    Score: 3220 (-12)
    Ten of eighteen claims are confirmed and the core narrative — multiple exploits between 2021 and 2025, aggregate losses exceeding $20 million, and the founder's SEC-pressured departure — is well supported by Tier 1 and Tier 2 sources. However, claim_findings[9] identifies a phantom timeline entry dated February 13, 2021, describing a Yearn iearn vault exploit that no independent source confirms on that date; the reviewer concludes this event was either fabricated or conflates the December 2025 TUSD vault hack. claim_findings[10] places the Alpha Homora exploit on February 27, 2021, while multiple reputable sources consistently date it to February 13, 2021 — a two-week material date error. Two high-priority structural gaps further reduce reliability: all nine page sections contain empty content fields (coverage_gaps[0]) and source URLs are stored in the wrong database column (coverage_gaps[1]), making citation context unverifiable.
    anchoranchored
    chain
    mainnet-betaslot 426,278,692
    sig
    3AdKnQsxtBFS…N7LzfjDCexplorer ↗
    hash
    GyVEEYp58VGr…UcVzejTrsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1299 B) ▸
    {"actor":"judge","decided_at":"2026-06-13T21:16:32.154Z","decision":"review_revise","investigation_id":"4d531127-e978-430c-8f36-6eac186ef860","new_score":20,"page_slug":"yearn-finance","prev_score":32,"reason":"Ten of eighteen claims are confirmed and the core narrative — multiple exploits between 2021 and 2025, aggregate losses exceeding $20 million, and the founder's SEC-pressured departure — is well supported by Tier 1 and Tier 2 sources. However, claim_findings[9] identifies a phantom timeline entry dated February 13, 2021, describing a Yearn iearn vault exploit that no independent source confirms on that date; the reviewer concludes this event was either fabricated or conflates the December 2025 TUSD vault hack. claim_findings[10] places the Alpha Homora exploit on February 27, 2021, while multiple reputable sources consistently date it to February 13, 2021 — a two-week material date error. Two high-priority structural gaps further reduce reliability: all nine page sections contain empty content fields (coverage_gaps[0]) and source URLs are stored in the wrong database column (coverage_gaps[1]), making citation context unverifiable.","score_delta":-12,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 29a18e81-067f-4a4f-a545-023ebabf9c32
  4. #4reviewby reviewerreviewer
    2026-06-14 23:15:44Z
    Score: 2020 (no score change)
    Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Yearn Finance is a legitimate, actively-operating DeFi yield aggregator founded in July 2020, currently holding approximately $150M TVL with functioning V2 and V3 vaults and ongoing governance development. The page's current score of 32/WARNING is over-penalized because it conflates third-party exploits with Yearn's own security record: the Cream Finance $130M hack (where Yearn's oracle was an attack vector but Yearn assisted recovery), the Alpha Homora/Iron Bank $37M incident (where Yearn was a bystander), and the Iron Bank $32M bad debt freeze (an Iron Bank vs. Alpha Homora dispute) are all presented as Yearn incidents on the page's timeline. Stripping those misattributed entries, Yearn's confirmed losses are approximately $33M across four or five incidents over five years, all from legacy deprecated contracts with modern V2/V3 vaults remaining unaffected. The protocol demonstrates a pattern of legacy-code vulnerability combined with responsive remediation, which warrants a CAUTIONARY rating (50-69) rather than WARNING. There is no evidence of fraud, exit scam, Ponzi mechanics, or regulatory conviction — the SEC's inquiry into Cronje was an investigation that never resulted in charges, and Cronje publicly confirmed this in 2025.
    anchoranchored
    chain
    mainnet-betaslot 426,514,224
    sig
    3NL2QiLbYPTB…yxQJDiAoexplorer ↗
    hash
    8w3U1LLh7wsP…5LFvvFPJsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1741 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-14T23:15:44.802Z","decision":"review","investigation_id":"4d531127-e978-430c-8f36-6eac186ef860","new_score":20,"page_slug":"yearn-finance","prev_score":20,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Yearn Finance is a legitimate, actively-operating DeFi yield aggregator founded in July 2020, currently holding approximately $150M TVL with functioning V2 and V3 vaults and ongoing governance development. The page's current score of 32/WARNING is over-penalized because it conflates third-party exploits with Yearn's own security record: the Cream Finance $130M hack (where Yearn's oracle was an attack vector but Yearn assisted recovery), the Alpha Homora/Iron Bank $37M incident (where Yearn was a bystander), and the Iron Bank $32M bad debt freeze (an Iron Bank vs. Alpha Homora dispute) are all presented as Yearn incidents on the page's timeline. Stripping those misattributed entries, Yearn's confirmed losses are approximately $33M across four or five incidents over five years, all from legacy deprecated contracts with modern V2/V3 vaults remaining unaffected. The protocol demonstrates a pattern of legacy-code vulnerability combined with responsive remediation, which warrants a CAUTIONARY rating (50-69) rather than WARNING. There is no evidence of fraud, exit scam, Ponzi mechanics, or regulatory conviction — the SEC's inquiry into Cronje was an investigation that never resulted in charges, and Cronje publicly confirmed this in 2025.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision fb7b4afa-73e6-496d-810a-8b2c1d747073
  5. #5review approveby judgejudge
    2026-06-14 23:15:44Z
    Score: 2058 (+38)
    This is a severity-calibration review, not a content dispute. All six claim_findings (indices 0-5) are marked 'supported' with 0% disputed claims and reviewer confidence of 0.85. The review establishes that the page's current score of 32 (stored as 20) is materially too harsh because three incidents on the timeline — the Cream Finance $130M hack (claim_findings[1]), the Alpha Homora/Iron Bank $37M exploit (claim_findings[2]), and the Iron Bank $32M bad-debt freeze (claim_findings[5]) — were misattributed to Yearn when Yearn was either a bystander, a recovery helper, or an indirect depositor-protectee. Confirmed Yearn-specific losses are approximately $33M, all from legacy deprecated contracts, with V2/V3 vaults unaffected (claim_findings[3]). There is no evidence of fraud, Ponzi mechanics, or regulatory conviction (claim_findings[4]). The page content is accurate and must remain published; only the trust-score band requires correction from WARNING to CAUTIONARY (score 58), warranting a positive delta of +38.
    anchoranchored
    chain
    mainnet-betaslot 426,514,227
    sig
    2hDepKgFE3ge…BExc95woexplorer ↗
    hash
    tooKNPGcAVwL…EL3zyMszsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1378 B) ▸
    {"actor":"judge","decided_at":"2026-06-14T23:15:44.802Z","decision":"review_approve","investigation_id":"4d531127-e978-430c-8f36-6eac186ef860","new_score":58,"page_slug":"yearn-finance","prev_score":20,"reason":"This is a severity-calibration review, not a content dispute. All six claim_findings (indices 0-5) are marked 'supported' with 0% disputed claims and reviewer confidence of 0.85. The review establishes that the page's current score of 32 (stored as 20) is materially too harsh because three incidents on the timeline — the Cream Finance $130M hack (claim_findings[1]), the Alpha Homora/Iron Bank $37M exploit (claim_findings[2]), and the Iron Bank $32M bad-debt freeze (claim_findings[5]) — were misattributed to Yearn when Yearn was either a bystander, a recovery helper, or an indirect depositor-protectee. Confirmed Yearn-specific losses are approximately $33M, all from legacy deprecated contracts, with V2/V3 vaults unaffected (claim_findings[3]). There is no evidence of fraud, Ponzi mechanics, or regulatory conviction (claim_findings[4]). The page content is accurate and must remain published; only the trust-score band requires correction from WARNING to CAUTIONARY (score 58), warranting a positive delta of +38.","score_delta":38,"sequence_num":5,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 22d6d461-4cd8-4a28-9c92-0a5c290f0b1d
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.