{"id":18869,"date":"2025-12-02T14:00:31","date_gmt":"2025-12-02T14:00:31","guid":{"rendered":"https:\/\/www.coinspeaker.com\/fr\/?p=18869"},"modified":"2025-12-02T13:58:39","modified_gmt":"2025-12-02T13:58:39","slug":"yearn-finance-piratage","status":"publish","type":"post","link":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/","title":{"rendered":"Yearn Finance: a bug drains millions in ETH, $2.4M recovered"},"content":{"rendered":"<h2>An arithmetic bug that opens the door to an \u201cinfinite mint\u201d<\/h2>\n<p>The hacker used <a href=\"https:\/\/github.com\/banteg\/yeth-exploit\/blob\/main\/report.pdf\" target=\"_blank\" rel=\"\"><strong>an old contract<\/strong><\/a> that was poorly secured. It allowed <strong>an infinite minting of tokens<\/strong>. In fact, a simple <strong>calculation error<\/strong> in a formula that managed the balance of a stableswap pool made it all possible.<\/p>\n<p>On November 30, the attacker minted about <strong>2.35 \u00d7 10\u00b3\u2078 yETH<\/strong> in a single operation, or nearly <strong>235,000 billion yETH<\/strong>. With this giant stock, he swapped the tokens for real assets. In the end, the yETH pool, valued at about 11 million dollars, was completely siphoned off <strong>on Balancer and Curve.<\/strong><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"474\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">At 21:11 UTC on Nov 30, an incident occurred involving the yETH stableswap pool that resulted in the minting of a large amount of yETH. The contract impacted is a custom version of popular stableswap code, unrelated to other Yearn products. 
Yearn V2\/V3 vaults are not at risk.<\/p>\n<p>&mdash; yearn (@yearnfi) <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/twitter.com\/yearnfi\/status\/1995344733154250993?ref_src=twsrc%5Etfw\">December 1, 2025<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>To carry it out, the attacker used several <strong>small temporary contracts<\/strong>. They prepared the swaps, transferred the funds, then self-destructed. This careful scheme kept the attack <strong>very discreet<\/strong>, until the pool's liquidity began to drop.<\/p>\n<p>Analyses show that this was <strong>not a flash loan<\/strong>, but an internal flaw tied to the design of the contract, left <strong>in a legacy state<\/strong> for several years. Fortunately, the impact remains contained. Yearn's main vaults, <strong>the V2 and V3 Vaults<\/strong>, are not affected. Their value still exceeds 600 million dollars.<\/p>\n<h2>A theft of nearly $9M or more<\/h2>\n<p><a href=\"https:\/\/x.com\/PeckShieldAlert\/status\/1995311852310675537?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1995311852310675537%7Ctwgr%5Ecab887245e1309e13c76a3e9f2eaaa28cf2d3fef%7Ctwcon%5Es1_&amp;ref_url=https%3A%2F%2Fwww.cointribune.com%2Fyearn-finance-une-faille-dans-le-contrat-yeth-permet-a-un-hacker-de-drainer-des-millions%2F\" target=\"_blank\" rel=\"\"><strong>Researchers at<\/strong> <strong>PeckShield<\/strong><\/a> estimate the losses at approximately <strong>9 million dollars<\/strong>. A significant share was converted to ETH. 
Then, to cover the trail, nearly <strong>1,000 ETH<\/strong>, about 3 million dollars, were <strong>sent to Tornado Cash<\/strong>. The transfers were often made in batches of 100 ETH, which made them harder to trace.<\/p>\n<p>The main address linked to the attack, abbreviated <strong>0xa80d\u2026c822<\/strong>, still holds about <strong>6 million dollars<\/strong> in stETH, rETH and other staking tokens. So the hacker has not yet moved everything and prefers to take his time rather than cash out all at once.<\/p>\n<p>Faced with the emergency, the teams mobilized. Thanks to rapid coordination, they managed <strong>to recover 2.4 million<\/strong> dollars with Plume and Dinero. This sum corresponds to assets that had <strong>not yet been mixed<\/strong>. Yearn plans to return these funds to affected users.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"474\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">yETH update: With the assistance of the Plume and Dinero teams, a coordinated recovery of 857.49 pxETH ($2.39m) was performed. Recovery efforts remain active and ongoing. 
Any assets successfully recovered will be returned to affected depositors.<a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/t.co\/xaClNhd0C0\">https:\/\/t.co\/xaClNhd0C0<\/a><\/p>\n<p>&mdash; yearn (@yearnfi) <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/twitter.com\/yearnfi\/status\/1995488425785659492?ref_src=twsrc%5Etfw\">December 1, 2025<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2>Best Wallet: a modern bulwark against threats<\/h2>\n<p>After such a hack and the recent <strong><a href=\"https:\/\/www.coinspeaker.com\/fr\/vol-crypto-uk-best-wallet\/\">case in the United Kingdom<\/a><\/strong>, one question preoccupies the community. Where to keep one's crypto safe? So attention is turning to <strong>non-custodial solutions<\/strong>. These wallets give full control back to users. They are becoming a popular bulwark against protocol flaws.<\/p>\n<p>Among them, the non-custodial wallet <a href=\"http:\/\/coinspeaker.com\/fr\/go\/bestwallet-exchange\" target=\"_blank\" rel=\" nofollow sponsored\"><strong>Best Wallet<\/strong><\/a> is gaining visibility. Its token, $BEST, is even making <strong>its exchange debut<\/strong>. It was listed on the <strong><a href=\"https:\/\/www.coinspeaker.com\/fr\/best-wallet-liste-kucoin-pump\/\">KuCoin exchange<\/a><\/strong> on November 28. This recognition comes at the right time. 
The project offers a complete multichain ecosystem providing a smooth and markedly more secure experience.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5234\" src=\"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/08\/Best-Wallet-Review-Giveaway.jpg\" alt=\"Best-Wallet\" width=\"1204\" height=\"739\" srcset=\"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/08\/Best-Wallet-Review-Giveaway.jpg 1204w, https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/08\/Best-Wallet-Review-Giveaway-300x184.jpg 300w, https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/08\/Best-Wallet-Review-Giveaway-1024x629.jpg 1024w, https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/08\/Best-Wallet-Review-Giveaway-768x471.jpg 768w\" sizes=\"auto, (max-width: 1204px) 100vw, 1204px\" \/><\/p>\n<p>In practice, Best Wallet stands out as a <strong>true Swiss Army knife<\/strong>. In a <strong>single application<\/strong>, users manage all of their assets, without effort and without dispersion. Users can buy, swap and stake their assets.<\/p>\n<p>Security relies on cutting-edge technology, <strong>MPC (Multi-Party Computation)<\/strong>. It splits the private key to better protect it, so you have <strong>full control of your private keys<\/strong>. Ultimately, the initiative points the way. 
<strong>Decentralization<\/strong> <strong>of funds<\/strong> remains the best defense against technical risks.<\/p>\n<p style=\"text-align: center\"><span style=\"font-weight: 400\"><a href=\"http:\/\/coinspeaker.com\/fr\/go\/bestwallet-exchange\" rel=\"noopener sponsored nofollow\" target=\"_blank\" class=\"custom-cta-button\">Discover Best Wallet<\/a><\/span><\/p>\n<hr \/>\n<p>Read also:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/\">Spear-phishing: the number one weapon of North Korean hackers in 2025<br \/>\n<\/a><\/li>\n<li><a href=\"https:\/\/www.coinspeaker.com\/fr\/best-wallet-listing-mexc\/\">Best Wallet listing on MEXC this Friday, November 28: FOMO takes off, how far will $BEST really go?<br \/>\n<\/a><\/li>\n<li><a href=\"https:\/\/www.coinspeaker.com\/fr\/bitcoin-exploser-2026-selon-grayscale\/\">Bitcoin ready to explode in 2026 according to Grayscale<\/a><\/li>\n<\/ul>\n<a class=\"infinscroll_next_page_link\" style=\"display:none\" href=\"https:\/\/www.coinspeaker.com\/fr\/millionnaire-pepe-node-2026-grok\/\" rel=\"prev\">next<\/a>","protected":false},"excerpt":{"rendered":"<p>An old Yearn Finance contract suffered a flaw that allowed an attacker to create an enormous quantity of yETH. Within minutes, nearly 9 million dollars disappeared. 
Fortunately, part of the funds has been recovered, and the affair is reviving debates about security in crypto.<\/p>\n","protected":false},"author":200,"featured_media":18877,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-18869","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-actu"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Yearn Finance : un bug vide des millions en ETH, 2,4 M$ r\u00e9cup\u00e9r\u00e9s<\/title>\n<meta name=\"description\" content=\"Bug sur un ancien contrat Yearn : un mint infini vide pr\u00e8s de 9 M$ sur Yearn Finance, dont 2,4 M$ r\u00e9cup\u00e9r\u00e9s.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Yearn Finance : un bug vide des millions en ETH, 2,4 M$ r\u00e9cup\u00e9r\u00e9s\" \/>\n<meta property=\"og:description\" content=\"Bug sur un ancien contrat Yearn : un mint infini vide pr\u00e8s de 9 M$ sur Yearn Finance, dont 2,4 M$ r\u00e9cup\u00e9r\u00e9s.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/\" \/>\n<meta property=\"og:site_name\" content=\"Coinspeaker France\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-02T14:00:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/yearn-finance-piratage.png\" \/>\n\t<meta property=\"og:image:width\" 
content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Emmanuel Roux\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Emmanuel Roux\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Yearn Finance : un bug vide des millions en ETH, 2,4 M$ r\u00e9cup\u00e9r\u00e9s","description":"Bug sur un ancien contrat Yearn : un mint infini vide pr\u00e8s de 9 M$ sur Yearn Finance, dont 2,4 M$ r\u00e9cup\u00e9r\u00e9s.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/","og_locale":"fr_FR","og_type":"article","og_title":"Yearn Finance : un bug vide des millions en ETH, 2,4 M$ r\u00e9cup\u00e9r\u00e9s","og_description":"Bug sur un ancien contrat Yearn : un mint infini vide pr\u00e8s de 9 M$ sur Yearn Finance, dont 2,4 M$ r\u00e9cup\u00e9r\u00e9s.","og_url":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/","og_site_name":"Coinspeaker France","article_published_time":"2025-12-02T14:00:31+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/yearn-finance-piratage.png","type":"image\/png"}],"author":"Emmanuel Roux","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Emmanuel Roux","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/","url":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/","name":"Yearn Finance : un bug vide des millions en ETH, 2,4 M$ r\u00e9cup\u00e9r\u00e9s","isPartOf":{"@id":"https:\/\/www.coinspeaker.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/#primaryimage"},"image":{"@id":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/#primaryimage"},"thumbnailUrl":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/yearn-finance-piratage.png","datePublished":"2025-12-02T14:00:31+00:00","author":{"@id":"https:\/\/www.coinspeaker.com\/fr\/#\/schema\/person\/cfb5df450a3f98d6cbdac45264af1e5d"},"description":"Bug sur un ancien contrat Yearn : un mint infini vide pr\u00e8s de 9 M$ sur Yearn Finance, dont 2,4 M$ r\u00e9cup\u00e9r\u00e9s.","breadcrumb":{"@id":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/#primaryimage","url":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/yearn-finance-piratage.png","contentUrl":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/yearn-finance-piratage.png","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.coinspeaker.com\/fr\/yearn-finance-piratage\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.coinspeaker.com\/fr\/"},{"@type":"ListItem","position":2,"name":"Yearn Finance : un bug vide des millions en ETH, 2,4 M$ 
r\u00e9cup\u00e9r\u00e9s"}]},{"@type":"WebSite","@id":"https:\/\/www.coinspeaker.com\/fr\/#website","url":"https:\/\/www.coinspeaker.com\/fr\/","name":"Coinspeaker France","description":"Bitcoin, Ethereum, Altcoins et actualit\u00e9s crypto avec analyses, cours en direct, graphiques de donn\u00e9es et guides","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.coinspeaker.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/www.coinspeaker.com\/fr\/#\/schema\/person\/cfb5df450a3f98d6cbdac45264af1e5d","name":"Emmanuel Roux","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.coinspeaker.com\/fr\/#\/schema\/person\/image\/","url":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/06\/cropped-pp-1-96x96.png","contentUrl":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/06\/cropped-pp-1-96x96.png","caption":"Emmanuel Roux"},"description":"Issu de la finance traditionnelle, j\u2019ai naturellement bascul\u00e9 vers l\u2019univers crypto, attir\u00e9 par son potentiel. Je souhaite y apporter mon approche analytique et rationnelle, tout en conservant ma curiosit\u00e9. En dehors de l\u2019\u00e9cran, je lis beaucoup (\u00e9conomie, essais, un peu de science-fiction) et je prends plaisir \u00e0 bricoler. 
Le DIY, pour moi, c\u2019est comme la crypto : comprendre, tester, construire soi-m\u00eame.","url":"https:\/\/www.coinspeaker.com\/fr\/author\/emmanuel\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/posts\/18869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/users\/200"}],"replies":[{"embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/comments?post=18869"}],"version-history":[{"count":4,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/posts\/18869\/revisions"}],"predecessor-version":[{"id":18878,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/posts\/18869\/revisions\/18878"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/media\/18877"}],"wp:attachment":[{"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/media?parent=18869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/categories?post=18869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/tags?post=18869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}