Cryptocurrencies: 5,975
Markets: 545
Marketcap: $ 554.72 B
24h Vol: $ 101.34 B
BTC Dominance: 61.24%

Global market data

Cryptocurrencies: 5,975
Markets: 545
Marketcap: $ 554.72 B
24h Vol: $ 101.34 B
BTC Dominance: 61.24%

[THE BLOCK] YFI founder’s incomplete DeFi protocol exploited, attacker drained $15M and then returned $8M

The Block

Eminence.Finance, the unfinished decentralized finance (DeFi) protocol by Yearn.Finance (YFI) founder Andre Cronje, was exploited Monday night.

The attacker drained $15 million from Eminence, deposited by users or so-called “yield farmers,” and then returned $8 million to YFI. It is not clear why the attacker return funds. 

The exploit occurred within a few hours of Eminence’s Twitter page launch and retweets by Cronje. What went wrong?

Eminence is a card gaming protocol being developed by Cronje, who built the viral DeFi project YFI. YFI popularized the concept of yield aggregation — farming yield from different lending protocols and optimizing for the maximum yield. YFI then returns the collected yield to depositors.

Within days of its launch, YFI became famous and the price of its native governance token shot up. Its market capitalization has surged to $787 million at the time of writing, according to CoinGecko. 

So when Cronje disclosed his another project Eminence, via retweets, yield farmers didn’t seem to want to miss a chance and ended up depositing $15 million in the unfinished project.

“Just aped into $EMN,” tweeted @ChainLinkGod, for instance. “I still have no idea what it does or what its purpose actually is, but hey if @AndreCronjeTech is involved, I’ll degen in any day of the week.”

Cronje said Eminence is at least three weeks away, which he disclosed only after the exploit took place. “Yesterday we finished the concept behind our new economy for a gaming multiverse. Eminence. As per my usual methodology, I deployed our staging contracts on ETH so we can continue developing on it,” he said.

Cronje deployed smart contracts for Eminence, with “burn” and “mint” possibilities, meaning users could deposit funds and mint Eminence’s native EMN token.

“Almost [$]15m was deposited into the contracts,” said Cronje. “The contracts were exploited for the full [$]15m and [$]8m was sent to my yearn: deployer account.”

Cronje termed the exploit as a “very simple one” — “mint a lot of EMN at the tight curve, burn the EMN for one of the other currencies, sell the currency for EMN.”

One trader, for instance, lost $130,000 in one hour. Here’s how EMN tank:
image 115 687x675 1While traders are ultimately responsible for any loss of funds deposited into unfinished and unaudited protocols, Cronje’s actions, i.e., teasing about and retweeting Eminence’s project, could be held responsible, according to some members of the DeFi community.

“Andre deployed these contracts from the main ‘Yearn Deployer’ address. People watch his every move, every transaction. Why didn’t he use an alternative, non-followed address to deploy/test if these were indeed just ‘staging’ contracts?,” asked Mick Hagen, founder of Genesis Block.

“Just after he deploys the contracts, he starts RTing mysterious, FOMO-inducing teasers. The domain is theirs,” said Hagen. “It all checks out. The hype is building. This train is leaving the station. No turning back. Anything Andre touches turns to gold. Degen mode activated.”

Hagen said the situation could have been mitigated if Cronje didn’t induce “FOMO” (fear of missing out) by retweeting teasers of his new gaming protocol.

Some other members of the crypto community shared similar thoughts, including Alex Krüger and “@CryptoMessiah.

“Given some of the responses, let me be clear, do not use random contracts I deploy unless I reference it in a medium article,” said Cronje. “The contracts I deployed yesterday were purely for myself to engage with.”

It is not clear whether Cronje would issue new tokens to depositors who lost money when Eminence officially launches. The Block has reached out to Cronje and will update this story should we hear back. 

© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Find the full article here

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

Liquidary.com will use the information you provide on this form to be in touch with you and to provide updates and marketing. You can unsubscribe anytime.