Prior exploit count
Yearn Finance's assessment for RD-F-077 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
4 distinct confirmed incidents: (1) 2021-02-04 ~$11M yDAI V1 flash loan + migration window exploit; (2) 2023-04-13 ~$11.4M yUSDT wrong Fulcrum address; (3) 2023-11-30 ~$9M yETH stableswap Newton-Raphson underflow; (4) 2023-12-16 ~$293K iearn TUSD identical Fulcrum misconfiguration. Total gross loss ~$31.7M. No full recovery on any incident. Threshold: red = ≥2 exploits or any unrecovered loss.
Sources #
- InternalYearn Finance 1st Exploit Hack Reporthacksdatabase/hacks/yearn-rekt1.md — 2021-02-04 incident, ~$11M yDAI V1retrieved 2026-05-16
- Yearn Finance 4th Exploit Hack Reporthacksdatabase/hacks/yearn-rekt4.md — 2023-12-16 incident, ~$293K iearn TUSDretrieved 2026-05-16
- Yearn Finance 2nd Exploit Hack Reporthacksdatabase/hacks/yearn2-rekt.md — 2023-04-13 incident, ~$11.4M yUSDTretrieved 2026-05-16
- Yearn Finance 3rd Exploit Hack Reporthacksdatabase/hacks/yearn-rekt3.md — 2023-11-30 incident, ~$9M yETH stableswapretrieved 2026-05-16
Methodology #
Count the number of distinct incidents in the hack database affecting this protocol.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol yearn-finance factor RD-F-077 score red collected_at 2026-05-16 08:34:32