The Goldfinch Finance exploit resulted in a user losing approximately $330,000 due to a vulnerability in an older smart contract on Ethereum. The attacker drained funds by exploiting the collectInterestRepayment function and laundered proceeds through Tornado Cash, prompting urgent revocation of approvals.
-
Exploit details: Attacker targeted deltatiger.eth’s wallet via contract 0x0689aa2234d06Ac0d04cdac874331d287aFA4B43, stealing 118 ETH worth $330K.
-
Goldfinch Finance, a DeFi lending platform backed by a16z Crypto and Coinbase Ventures, uses uncollateralized loans reviewed by backers.
-
This incident follows November’s $127 million in industry hacks, with Goldfinch’s active loans at $91.3 million per CoinGecko data.
Discover the Goldfinch Finance exploit: A $330K DeFi hack exposes smart contract risks. Learn how it happened, prevention tips, and implications for uncollateralized lending. Stay secure in crypto—revoke approvals now!
What is the Goldfinch Finance Exploit?
The Goldfinch Finance exploit refers to a security breach on December 2, 2025, where an attacker compromised a user’s wallet on the Ethereum-based DeFi platform, resulting in losses of about $330,000. Blockchain security firm PeckShield identified the vulnerability in an older smart contract that allowed unauthorized transfers of USDC tokens. The incident highlights ongoing risks in decentralized finance protocols, even for established platforms like Goldfinch.
How Did the Goldfinch Finance Hack Occur?
The exploit stemmed from a flaw in the smart contract’s collectInterestRepayment() function, which permitted transfers from any approved address without proper safeguards. PeckShield’s analysis revealed that the attacker deposited 1,000 USDC to manipulate the share price artificially, then repeatedly withdrew inflated funds, draining the victim’s holdings. Following the theft, the perpetrator sent approximately 118 ETH—equivalent to the stolen value—to Tornado Cash, a privacy-focused mixer, to obscure the funds’ trail.
This breach affected user deltatiger.eth, with the attack occurring around 9:30 AM UTC. PeckShield issued an immediate alert, advising all Goldfinch users to revoke approvals for the compromised contract (0x0689aa2234d06Ac0d04cdac874331d287aFA4B43) to prevent further losses. As of the latest reports, neither Goldfinch Finance nor the affected user has provided updates on recovery efforts or communications from the attacker.
Experts in blockchain security emphasize that such vulnerabilities often arise from legacy code in DeFi protocols. PeckShield’s alert, shared via their X account, underscored the urgency: “Please revoke approvals for this contract immediately.” This event serves as a reminder for users to regularly audit and revoke token approvals, a common vector for exploits in the ecosystem.
Frequently Asked Questions
What Caused the Recent Goldfinch Finance Exploit Loss of $330,000?
The Goldfinch Finance exploit was triggered by a vulnerability in an outdated smart contract’s collectInterestRepayment function, allowing the attacker to transfer approved USDC from the user’s wallet after depositing a small amount to inflate values. PeckShield confirmed the $330,000 loss, with funds laundered via Tornado Cash, urging immediate approval revocations to mitigate risks.
Is Goldfinch Finance Safe After the 2025 DeFi Hack?
Goldfinch Finance remains operational, but the recent exploit highlights the need for caution in DeFi lending. The platform’s uncollateralized model, while innovative, relies on community reviews and insurance partnerships like Nexus Mutual for protection. Users should revoke unnecessary approvals and monitor for updates from Goldfinch on enhanced security measures to ensure safer participation.
Key Takeaways
- Smart contract vulnerabilities persist: Legacy code like the exploited collectInterestRepayment function can lead to significant losses; regular audits are essential for DeFi users.
- Revoke approvals promptly: PeckShield’s guidance to immediately revoke token approvals for suspicious contracts can prevent unauthorized drains in platforms like Goldfinch.
- DeFi risks are rising: With November 2025 hacks totaling $127 million per CertiK, diversify holdings and use insured protocols to safeguard investments.
Conclusion
The Goldfinch Finance exploit underscores the persistent security challenges in DeFi, where a single smart contract flaw led to a $330,000 loss for user deltatiger.eth on December 2, 2025. Backed by investors like a16z Crypto, Goldfinch’s uncollateralized lending model offers unique opportunities but demands vigilant risk management, as seen in past defaults like Tugende Kenya’s $5 million breach. As the crypto industry faces escalating threats—evidenced by Yearn Finance’s recent $3 million incident—users must prioritize approval revocations and protocol transparency. Looking ahead, enhanced audits and insurance could fortify platforms like Goldfinch, fostering a more resilient DeFi ecosystem; stay informed and secure your assets today.
An identified user of the Ethereum-based DeFi platform Goldfinch Finance has suffered an exploit leading to losses of approximately $330,000, according to blockchain security platform PeckShield.
PeckShieldAlert reported on X Tuesday that Goldfinch user deltatiger.eth’s attacker had sent about 118 ETH to Tornado Cash after hacking an older smart contract on Ethereum.
The compromised contract, identified as 0x0689aa2234d06Ac0d04cdac874331d287aFA4B43, enabled the perpetrator to take control of deltatiger’s wallet and drain funds.
#PeckShieldAlert @goldfinch_fi’s user deltatiger.eth @deltatigernz has been attacked, resulting in a ~$330K loss.
The hacker has deposited 118 $ETH of the stolen funds into #TornadoCash.
🚨Please *Revoke* approvals for this contract immediately:… pic.twitter.com/OOuv39YVU9
— PeckShieldAlert (@PeckShieldAlert) December 2, 2025
The vulnerability lay in the contract’s collectInterestRepayment() function, which can transfer USDC from any address granting approval. The attacker reportedly deposited 1,000 USDC and repeatedly withdrew funds after artificially inflating the share price.
PeckShield warned users to “revoke all approvals on the contract” immediately to prevent the hacker from stealing more tokens as they continued using the crypto mixer Tornado Cash to launder the stolen ones.
There have been no updates from deltatiger and Goldfinch so far, and neither of the entities has disclosed if the attacker has communicated with them after the exploit took place at around 9:30 AM UTC today.
Goldfinch Finance’s decentralized lending method faulted
Goldfinch Finance is a decentralized finance (DeFi) protocol supported by major players in the crypto industry, including a16z Crypto and Coinbase Ventures.
Much different from most crypto lending platforms, Goldfinch does not require borrowers to provide collateral. Instead, they can submit loan proposals for review by backers and auditors, which is then issued if proposals secure sufficient support. Liquidity providers, backers, and auditors earn interest as a reward, while borrowers access capital without posting collateral.
The protocol went live on Ethereum in February 2021, issuing $1 million worth of loans initially. Version 1.1 launched a month later in March 2021, and Goldfinch raised $11 million in funding from Andreessen Horowitz months later. In October 2021, the platform partnered with Nexus Mutual, allowing Liquidity Providers and Backers to purchase smart contract insurance.
According to Coingecko’s token terminal, Goldfinch protocol has a fully diluted market capitalization of $30.5 million, token trading volume of $12.4 million in the last 30 days, and active loans totaling $91.3 million.
In 2023, an East African motorbike finance company named Tugende Kenya defaulted on a $5 million crypto loan after allegedly providing an unauthorized loan to its Uganda-based parent company, which violated loan terms.
Warbler Labs, Goldfinch’s parent company, discovered Tugende Kenya had diverted almost $2 million to its parent firm. The breach was unveiled in December that year, but company records show it was reported on Goldfinch’s governance forum in February 2024.
Another default came in 2024 involving Singapore-based private credit firm Lend East, which said it could repay only about $4.25 million of a $10.15 million loan from the Goldfinch pool. The amount was 58% less than the repayment value and accounted for 7.7% of Goldfinch’s total active loans.
The Lend East pool had a 25-month term, maturing on April 3, 2024, offering 17% USDC APY or 28% variable GFI APY. Discord community members alleged that $750,000 borrowed from Goldfinch was used to repay other borrowers, breaching the original loan agreement.
December welcomes DeFi protocols to losses from hacks
Goldfinch’s hack comes barely 24 hours after Yearn Finance’s yETH was hit by an unlimited minting breach, draining the entire yETH pool in a single transaction. According to reports, attackers generated nearly infinite yETH tokens, extracting approximately 1,000 ETH, worth $3 million, which was then routed through Tornado Cash.
yETH is an index token based on several liquid-staked versions of ETH, known as Ethereum Liquid Staking Derivatives (LSTs). The exploit was flagged by X user Togbe, who noted “heavy transactions” on LSTs including Yearn, Rocket Pool, Origin, and Dinero.
Yearn Finance confirmed the incident through its official X account but assured users that V2 and V3 Vaults were secure. This is the second attack since 2021, when Yearn’s yDAI vault breach led to a $2.8 million loss, and a faulty script in December 2023 that wiped out 63% of a treasury position.
Blockchain security firm CertiK reported on Sunday that the crypto industry suffered estimated losses of $127 million from hacks and exploits in November. The company’s monthly threat report noted that actual affected funds exceeded $172 million, though approximately $45 million was later recovered.
