Serrari Group

info@serrarigroup.com

+254114498341

+1 812 515-1632 / +254114498239

Facebook Twitter Linkedin Instagram Youtube Tiktok
Ad 3 Ad 1 Ad 1 Ad 2 Ad 2 Ad 2 Ad 2
Cryptocurrency News

The $9 Million Breach: How a ‘Legacy’ Flaw Rocked Yearn Finance and the DeFi Security Model

Family Bank’s Q3 Performance Surges 56% to KES 3.5 Billion, Accelerated by Lending Momentum and Strategic NSE Push By: Montel Kamau Serrari Financial Analyst 4th December, 2025 Meta Tag: Family Bank Group posts a 56% rise in Q3 2025 net profit, hitting KES 3.5 billion, propelled by soaring interest income and strategic focus on SME growth ahead of its 2026 NSE listing. Family Bank Group has delivered an exceptional financial performance for the nine months ending September 30, 2025, recording a significant 56% increase in Profit After Tax (PAT) to KES 3.5 billion, a substantial jump from KES 2.3 billion reported during the corresponding period in the previous year. This robust growth, detailed in the bank’s latest investor briefing, underscores the successful execution of a strategy focused on capitalizing on the prevailing high-interest rate environment, sustained growth in its balance sheet, and disciplined cost management. The bank’s performance stands out in a period where the wider Kenyan banking sector has seen a general, albeit slower, increase in profitability. A recent analysis of NSE-listed banks’ Q3 performance in 2025 indicated that while combined sector profits rose by approximately 10.8%, Family Bank’s 56% surge places it firmly among the fastest-growing financial institutions in the mid-tier segment. This outperformance is attributed to Family Bank's calculated shift towards high-yield assets and strategic expansion in its core lending areas. Build the future you deserve. Get started with our top-tier Online courses: ACCA, HESI A2, ATI TEAS 7, HESI EXIT, NCLEX-RN, NCLEX-PN, and Financial Literacy. Let Serrari Ed guide your path to success. Enroll today. The Engine of Growth: Net Interest Income The most decisive factor driving the profit surge was the remarkable growth in Net Interest Income (NII). Family Bank closed the nine-month period with a net interest income of KES 10.9 billion, translating to an impressive total interest income growth of 21.2%. This performance is primarily segmented into two key areas: income from the expanding loan book and revenue derived from investments in Government securities. The bank’s loan book expanded by a solid 10.1% to KES 103.7 billion. This growth reflects an intensified focus on credit uptake, particularly in sectors aligned with the bank's strategic priority, Micro, Small, and Medium Enterprises (MSMEs). The ability to grow the lending portfolio in a competitive market indicates strong customer confidence and effective risk-adjusted pricing strategies. This is crucial given that Family Bank has long championed the SME sector, often partnering with global institutions to expand access to financing. For instance, the bank has secured funding partnerships aimed at expanding access to financing for SMEs, reinforcing its commitment to this segment. Simultaneously, the bank strategically amplified its investments in Government securities, which saw a sharp increase, contributing significantly to the overall interest income. Total assets grew by 24.1% to KES 202.5 billion, with investments in government securities climbing to KES 39.0 billion. The high yields associated with Kenya’s government papers have provided a critical, low-risk revenue stream, a trend that mirrors the broader market where many financial institutions are relying more on interest income as the core revenue driver. Strategic Priorities and Digital Transformation Family Bank CEO Nancy Njau, speaking during the investor briefing forum, attributed the impressive Q3 profit growth to the effective execution of its strategic priorities. Njau, who took the helm in early 2024, has focused her mandate on innovation, digital transformation, customer-centricity, and strategic partnerships, all designed to scale the bank's SME lending capabilities. “This robust performance is in line with our strategic focus, prioritising innovation, digital transformation, customer-centricity, and strategic partnerships aimed at scaling our SME lending capabilities. This positions Family Bank as the preferred bank for biashara as we work towards our planned listing at the NSE in 2026,” stated CEO Nancy Njau. The emphasis on digital transformation is palpable across the sector. Many Kenyan banks are repurposing their branch networks to serve as self-service digital centres and sales points, a strategic move that aligns with Family Bank’s efforts to embrace digital advancements. Family Bank has historically been a pioneer in this space, being one of the first in Kenya to introduce mobile banking via platforms like PesaPap. This consistent investment is reflected in the growth of Total non-funded income (NFI), which grew by 14.4%. This increase was driven by increased customer transactions, sustained investment in digital solutions, and a focus on partnerships targeting SME lending. While the banking sector experienced a divergence, with many listed banks reporting a contraction in NFI, Family Bank's ability to achieve a 14.4% growth in this area highlights the efficacy of its digital strategy and fee-based revenue optimization. The growth in NFI, coupled with the interest income surge, shows a well-rounded revenue generation structure. Expanding the Balance Sheet and Customer Trust The bank’s sustained operational success is built on a foundation of a strong balance sheet. The growth in total assets to KES 202.5 billion is a testament to management's strategy of disciplined growth. Customer confidence, a vital indicator of financial health, remained high. Customer deposits grew by 15.3% to KES 146.8 billion, underlining customers’ continued trust and confidence in the bank’s financial stability and service delivery. This substantial deposit base provides the necessary liquidity and low-cost funding required to drive the expansion of the loan book and investment in high-yielding government securities. Prudent Risk Management and Capital Adequacy While revenue streams accelerated, the bank maintained a disciplined approach to risk and capital management. Operating expenses increased by 33%, primarily driven by a moderate growth in staff costs and, more significantly, a prudent provisioning for loan losses, which rose to KES 1.3 billion. The deliberate increase in loan loss provisions is characteristic of the banking sector's prudent risk management approach. This proactive stance ensures that the bank strengthens its buffers against potential loan defaults, especially in a dynamic economic environment where asset quality can be challenged. From a regulatory perspective, Family Bank demonstrated robust capital adequacy. Core capital stood at KES 19.6 billion, up from KES 14.7 billion. This increase signals the bank's commitment to maintaining strong capital ratios, particularly in light of the progressive core capital requirements recently introduced by the Central Bank of Kenya (CBK). These progressive requirements mandate banks to substantially increase their minimum core capital over a multi-year period, aiming to strengthen the sector’s overall resilience and capacity to finance large-scale projects. The CBK’s new rules, phased over five years, set an ambitious goal for all banks to eventually meet a KES 10 billion core capital threshold, with an initial milestone of KES 3 billion by December 2025. Family Bank’s current core capital of KES 19.6 billion clearly places it well above both the immediate and long-term regulatory targets, showcasing its stability. Furthermore, the liquidity ratio also remained strong at 54.4%, significantly above the statutory requirement of 20%. This high liquidity underscores the bank’s capacity to meet short-term obligations and its strong balance sheet health. One decision can change your entire career. Take that step with our Online courses in ACCA, HESI A2, ATI TEAS 7, HESI EXIT, NCLEX-RN, NCLEX-PN, and Financial Literacy. Join Serrari Ed and start building your brighter future today. The Road to the Nairobi Securities Exchange (NSE) in 2026 The strong Q3 performance provides significant positive momentum as Family Bank prepares for its highly anticipated listing at the NSE in 2026. This move, which received shareholder approval in late 2025, is a strategic maneuver designed to enhance market transparency, improve liquidity for existing shareholders, and position the bank for its next phase of exponential growth. The listing is planned to be executed through an introduction, meaning the bank will list its existing 1.305 billion shares for trading without immediately issuing new shares to raise capital. This strategy avoids the dilution of existing ownership stakes while providing a crucial market mechanism for shareholders—many of whom are long-term investors—to realize the value of their holdings. Board Chairman Lazarus Muema previously noted that the decision reflects long-term preparation and the bank’s commitment to list "from a position of strength," ensuring the process creates long-term value for shareholders and the public market. This NSE debut, if successfully completed, will make Family Bank the latest entrant into the public market, reinforcing Nairobi’s position as East Africa's leading financial hub and bringing the total number of listed commercial banks to twelve. Deeper Look at SME Strategy and Partnerships The bank’s strategic focus on the SME sector is critical to its growth narrative, given that SMEs are the backbone of Kenya’s economy. The bank’s commitment is anchored in continuous strategic partnerships that inject targeted funds into this vital segment. For example, Family Bank has leveraged agreements to secure specialized trade finance facilities from institutions like the British International Investment (BII) and the European Investment Bank (EIB) to enhance access to financing for MSMEs. This influx of targeted capital allows Family Bank to address the specific financial needs of small businesses, ranging from short-term working capital to long-term asset finance. This specialized approach not only drives the expansion of the loan book (up 10.1%) but also reinforces the bank’s brand as the "preferred bank for biashara (business)." By providing tailored financial products and digital solutions that integrate seamlessly with SME operations, the bank is capturing a higher market share in this high-growth sector. Comparative Market Context Family Bank's Q3 2025 performance must be viewed against the backdrop of the wider Kenyan financial landscape. The results show a significant departure from the trend observed in the broader NSE-listed banking fraternity, where overall profit growth was more moderate. While the general sector saw Net Interest Income account for 67.1% of total operating income in Q3 2025, Family Bank’s performance was exceptional, even among mid-tier peers. The ability of the bank to grow both the interest income (21.2%) and the non-funded income (14.4%) simultaneously positions it uniquely. Many of the large, listed institutions struggled to grow their NFI, with some even reporting steep declines due to slower economic activity and reduced foreign exchange trading income. Family Bank’s success in growing NFI, despite a sector-wide contraction, highlights the effectiveness of its targeted fee-based products and increased volume of digital transactions, which now account for over 90% of all customer transactions. Furthermore, the bank’s impressive liquidity ratio of 54.4% far surpasses the minimum regulatory threshold and outstrips that of many peers, demonstrating a strong capacity to manage risk and meet unexpected obligations. Conclusion and Future Outlook Family Bank Group’s Q3 2025 financial results mark a critical milestone in its trajectory toward becoming a top-tier financial institution. The 56% surge in profit after tax to KES 3.5 billion is not merely a quantitative success but a qualitative affirmation of its focused strategy. As the bank enters the final quarter of the year, the stated objective remains clear: to continue prioritizing customers and driving sustainable shareholder value ahead of the 2026 NSE listing. The bank’s exceptional capital buffers, high liquidity, and sustained revenue growth—particularly in high-yield government securities and the critical SME lending segment—position it robustly to navigate future economic volatilities and execute its ambitious growth plans. The successful attainment of the KES 10.9 billion NII underscores the effectiveness of its dual-pronged approach to revenue generation, ensuring both stability and dynamism in a highly competitive market. The market will now closely watch the final steps toward regulatory clearance from the Central Bank of Kenya and the Capital Markets Authority as the bank prepares to transition into a publicly listed entity, a move expected to unlock significant long-term value for all stakeholders. The strategic clarity and operational excellence demonstrated in the Q3 results provide a strong foundation for this next chapter. The video below offers visual context regarding Family Bank's strong Q3 profit performance, driven by key financial levers like interest income and sound cost management. Family Bank Q3 profit jumps 56% to KSh 3.5B on strong interest income and cost management. Catch Up With Our Other Headlines 4th December, 2025 EU Reflection Group Calls for Urgent Action to Close €208 Billion Climate Protection Gap Through Coordinated Financing Strategy’ Euro Zone Inflation Climbs to 2.2% in November as Services Costs Drive Uptick, Solidifying ECB Rate Pause Expectations African Development Bank Deploys €25 Million Trade Finance Guarantee to Transform Cameroon’s SME Landscape Through Strategic CCA-Bank Partnership South Africa’s Economic Growth Moderates to 0.5% in Q3 2025 as Mining Sector Propels Recovery IFC and Kenya Investment Authority Forge Strategic Alliance to Mobilize Foreign Capital Through Systematic Project Pipeline Development Kenya’s November 2025 Inflation Eases to 4.5% as Transport Costs Surge Despite Stable Fuel Prices Ready to take your career to the next level? Join our Online courses: ACCA, HESI A2, ATI TEAS 7 , HESI EXIT , NCLEX - RN and NCLEX - PN, Financial Literacy!🌟 Dive into a world of opportunities and empower yourself for success. Explore more at Serrari Ed and start your exciting journey today! ✨ Track GDP, Inflation and Central Bank rates for top African markets with Serrari’s comparator tool. See today’s Treasury bonds and Money market funds movement across financial service providers in Kenya, using Serrari’s comparator tools.

On November 30, the decentralized finance (DeFi) sector absorbed yet another significant security breach, this time striking one of its most venerable protocols, Yearn Finance. The incident, which centered on an older yETH pool designed to manage liquid staking derivatives, resulted in the loss of approximately $9 million in crypto assets. The complexity of the attack, which leveraged a subtle flaw known as an “infinite-mint” vulnerability, sent immediate, albeit contained, ripples through the market sentiment for major tokens, including Bitcoin and Ethereum, underscoring the persistent fragility that plagues even battle-tested DeFi platforms.

The exploit did more than just drain liquidity; it exposed the systemic risks associated with maintaining legacy smart contracts and the difficulty protocols face in fully decommissioning older versions of their products. Yearn Finance, known for its focus on automated yield strategies, quickly mobilized its development and security teams, but the event has reignited industry-wide debate over protocol immutability versus upgradeability and the necessity of rigorous, perpetual auditing.

Build the future you deserve. Get started with our top-tier Online courses: ACCA, HESI A2, ATI TEAS 7, HESI EXIT, NCLEX-RN, NCLEX-PN, and Financial Literacy. Let Serrari Ed guide your path to success. Enroll today.

Anatomy of the Attack: The Infinite Mint Vector

Blockchain security alerts and detailed post-mortem statements from the Yearn development team indicated that the core vulnerability lay not in the protocol’s current, advanced infrastructure (V2 and V3 vaults), but in the older yETH token and its associated pool logic. The flaw was a sophisticated combination of faulty invariants and an exploitable rate-update mechanism within the legacy code.

The attack vector capitalized on a vulnerability that allowed the attacker to manipulate the internal accounting of the yETH token—an index token representing a basket of liquid-staking derivatives (LSDs) on Ethereum. In essence, the exploiter discovered a way to trick the contract into believing they were entitled to an effectively unlimited amount of yETH without providing commensurate collateral.

The scale of the illicit minting was staggering. In a single, highly technical transaction, the attacker was able to mint on the order of 235 trillion yETH. This massive, artificially inflated balance then became the weapon used to execute the final heist. By using these newly minted, worthless yETH tokens, the exploiter was able to enter the Balancer and Curve liquidity pools tied to the product and withdraw the real, underlying assets—primarily ETH and other liquid-staking tokens. Security researchers noted that this type of “infinite-mint” or “price manipulation” attack is often enabled by complex, interdependent contract logic where one contract’s calculated value relies on the integrity of another’s external state, a common pitfall in the composable architecture of DeFi. The use of older, less-audited contract versions, particularly those operating with token standards or pool mechanics that have since been superseded by industry best practices, amplified the risk.

Financial Hemorrhage and Fund Obfuscation

The economic impact of the breach was confirmed through on-chain data and forensic summaries, putting the total loss near $9 million. This figure comprised about $8 million drained from the main stableswap pool—a vital component providing deep liquidity for the yETH product—and roughly $900,000 from a related yETH-WETH pool.

The immediate aftermath involved a swift attempt by the attacker to obscure the flow of stolen funds. Approximately 1,000 ETH, which at recent market prices equated to roughly $3 million, was quickly routed through Tornado Cash, a notorious, centralized cryptocurrency mixer. While this tool has legitimate uses for privacy, it is frequently employed by hackers to break the link between stolen assets and the originating wallet address, making tracking and potential recovery extremely difficult for law enforcement and on-chain intelligence firms. Additional stolen funds were confirmed to be sitting in attacker-controlled wallets, pending further movement.

The sophistication of the exploit was further evidenced by the attacker’s on-chain preparation. Analysts noted a pattern frequently seen in other advanced DeFi exploits: the deployment of several “helper contracts” immediately before the main transaction, followed by their swift self-destruction afterward. This tactic is specifically designed to complicate the forensic analysis of the on-chain trail by making it difficult to immediately reconstruct the attacker’s intent and the exact mechanism by which the faulty logic was exploited across multiple contract calls. The use of specialized, ephemeral contracts demonstrates a deep understanding of EVM execution and advanced planning, suggesting the involvement of a highly skilled group or individual.

One decision can change your entire career. Take that step with our Online courses in ACCA, HESI A2, ATI TEAS 7, HESI EXIT, NCLEX-RN, NCLEX-PN, and Financial Literacy. Join Serrari Ed and start building your brighter future today.

The Problem of Legacy Code in DeFi

Yearn Finance was quick to reiterate that the fundamental flaw lay in the yETH token and pool logic, emphatically stating that the protocol’s current, actively managed V2 and V3 vault infrastructure were secure and unaffected. This distinction is crucial, as the modern vaults incorporate years of learning from past exploits and adhere to much stricter security standards and frequent auditing cycles.

However, the incident highlights a critical and often overlooked vulnerability in DeFi: legacy contracts. Many early DeFi protocols, built during the industry’s initial boom, feature numerous versions of contracts that, while technically decommissioned or deprecated, still hold assets or interact with older pools. Completely migrating all users and liquidity from V1 to V2, or V2 to V3, is a complex, costly, and sometimes impossible endeavor, as certain users or dependent protocols may fail to move. When these older contracts are left operational, they create what are essentially “back doors” into the protocol’s ecosystem.

The DeFi industry is built on the concept of composability, where protocols act as money legos, stacking on top of one another. Unfortunately, this very feature means that a vulnerability in a seemingly isolated, older contract can create a cascading failure when interacting with external, robust platforms like Curve Finance or Balancer. In this case, the legacy yETH contract was the weak link that allowed the attacker to poison the liquidity pools relying on its token’s integrity.

Broader Context: A Month of Security Breaches

The Yearn exploit occurred against a worrying backdrop of sustained security incidents across the digital asset space. The incident added to November’s running tally of more than $100 million in crypto lost to hacks and scams across various protocols, according to industry trackers. This trend underscores the challenges protocols face in securing increasingly complex, multi-chain environments where cross-chain bridges and oracle vulnerabilities are becoming prime targets.

The persistence of these high-value exploits suggests a few systemic issues:

  1. Audits are Insufficient: While Yearn, like most major protocols, undertakes multiple external audits, the continuous nature of development and the sheer complexity of integrated systems mean that even highly scrutinized code can harbor subtle, economically exploitable flaws, especially when interacting with external protocols.
  2. Composability Risk: The “money lego” nature of DeFi means that a successful attack often involves exploiting the weakest link in a chain of otherwise strong contracts. This highlights the need for systemic security reviews that test not just one contract, but the full interaction matrix of a protocol with its dependencies.
  3. Incomplete Migration: The continuous need to sunset legacy contracts without compromising the safety of residual assets or external integrations remains a painful operational challenge for all large protocols.

Remediation and Future Outlook

In response to the exploit, the Yearn team immediately began working with leading external audit and incident-response groups, including specialized on-chain security collectives, to conduct a full, independent post-mortem analysis. Their immediate goals were twofold: to dissect the root cause of the flaw and to propose detailed remediation steps for affected users and liquidity providers. While specific details on fund recovery strategies remain limited, the standard DeFi playbook involves attempts to negotiate with the attacker or, failing that, leveraging protocol insurance funds where applicable.

Crucially, the community must address the core issue of the legacy contract’s continued existence. The development mandate for all DeFi protocols going forward is clear: zero-tolerance for legacy code risk. Future development must incorporate better migration incentives and potentially time-locked kill switches for older contracts to ensure full decommissioning after a designated grace period.

This exploit is a sharp reminder of the unique risks associated with the Liquid Staking Derivative (LSD) sector. The integrity of yETH, and by extension the protocol’s trust layer, is inextricably tied to the underlying staked assets. As LSDs grow in popularity—driven by the shift to proof-of-stake—their security must be paramount, as any failure impacts both the DeFi ecosystem and the foundational security of the Ethereum network itself.

For the institutional players that HashKey and other regulated exchanges are trying to attract (as noted in previous market analyses), these exploits serve as a sobering counter-argument to mass adoption. Institutional capital requires security guarantees and auditability that currently fluctuate based on protocol versions. The Yearn breach reinforces the necessity for regulated entities to only interact with protocols that adhere to the most rigorous, modern security standards, effectively creating a “whitelist” of audited, battle-tested DeFi platforms. The longevity and safety of DeFi depend on the collective ability of developers to learn from these costly events and commit to an operational model where security is not a feature but a non-negotiable, perpetually updated foundation.

Catch Up With Our Other Headlines

4th December, 2025

EU Reflection Group Calls for Urgent Action to Close €208 Billion Climate Protection Gap Through Coordinated Financing Strategy

Euro Zone Inflation Climbs to 2.2% in November as Services Costs Drive Uptick, Solidifying ECB Rate Pause Expectations

African Development Bank Deploys €25 Million Trade Finance Guarantee to Transform Cameroon’s SME Landscape Through Strategic CCA-Bank Partnership

South Africa’s Economic Growth Moderates to 0.5% in Q3 2025 as Mining Sector Propels Recovery

IFC and Kenya Investment Authority Forge Strategic Alliance to Mobilize Foreign Capital Through Systematic Project Pipeline Development

Kenya’s November 2025 Inflation Eases to 4.5% as Transport Costs Surge Despite Stable Fuel Prices

Ready to take your career to the next level? Join our Online courses: ACCA, HESI A2, ATI TEAS 7 , HESI EXIT  , NCLEX – RN and NCLEX – PN, Financial Literacy!🌟 Dive into a world of opportunities and empower yourself for success. Explore more at Serrari Ed and start your exciting journey today! 

Track GDP, Inflation and Central Bank rates for top African markets with Serrari’s comparator tool.

See today’s Treasury bonds and Money market funds movement across financial service providers in Kenya, using Serrari’s comparator tools.

Photo source: Google

By: Montel Kamau

Serrari Financial Analyst

4th December, 2025

Share this article:
Article, Financial and News Disclaimer

The Value of a Financial Advisor
While this article offers valuable insights, it is essential to recognize that personal finance can be highly complex and unique to each individual. A financial advisor provides professional expertise and personalized guidance to help you make well-informed decisions tailored to your specific circumstances and goals.

Beyond offering knowledge, a financial advisor serves as a trusted partner to help you stay disciplined, avoid common pitfalls, and remain focused on your long-term objectives. Their perspective and experience can complement your own efforts, enhancing your financial well-being and ensuring a more confident approach to managing your finances.

Disclaimer: This article is for informational purposes only and does not constitute financial advice. Readers are encouraged to consult a licensed financial advisor to obtain guidance specific to their financial situation.

Article and News Disclaimer

The information provided on www.serrarigroup.com is for general informational purposes only. While we strive to keep the information up to date and accurate, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

www.serrarigroup.com is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information on the website is provided on an as-is basis, with no guarantee of completeness, accuracy, timeliness, or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.

In no event will www.serrarigroup.com be liable to you or anyone else for any decision made or action taken in reliance on the information provided on the website or for any consequential, special, or similar damages, even if advised of the possibility of such damages.

The articles, news, and information presented on www.serrarigroup.com reflect the opinions of the respective authors and contributors and do not necessarily represent the views of the website or its management. Any views or opinions expressed are solely those of the individual authors and do not represent the website's views or opinions as a whole.

The content on www.serrarigroup.com may include links to external websites, which are provided for convenience and informational purposes only. We have no control over the nature, content, and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorsement of the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, www.serrarigroup.com takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

Please note that laws, regulations, and information can change rapidly, and we advise you to conduct further research and seek professional advice when necessary.

By using www.serrarigroup.com, you agree to this disclaimer and its terms. If you do not agree with this disclaimer, please do not use the website.

www.serrarigroup.com, reserves the right to update, modify, or remove any part of this disclaimer without prior notice. It is your responsibility to review this disclaimer periodically for changes.

Serrari Group 2025

 

Previous Article

Next Article

Track all markets on TradingView
Track all markets on TradingView
Track all markets on TradingView

News & Blogs

Get Serrari Updates Daily

Trending Macro And Financial News For Kenya, Africa And The World

Compare African Economies and Financial Products

Tools

Weather Forecast