$15 Million exploited from Eminence, a DeFi project
With defi frenzy coming to palpable levels, all seemed well until a new project by Andre Cronje went awry. This has resulted in a loss of $15 million in funds, out of which $8 million was sent to Cronje’s yearn deployer account as a “sorry” note.
Eminence is/was an unfinished game with an in-game economy for the gaming multiverse. Although the project was still unfinished, untested, and unaudited, it was launched without Cronje on Uniswap.
Cronje stated on Twitter that the game was “at least+3 weeks away”.
“These contracts, nor the ecosystem are final, yesterday alone you will notice I deployed 2 separate batches of the contracts, this is my usual “test in prod” process”
However, to build hype around the project, bits and pieces of the art from the game were being showcased on Twitter.
Defi is a decentralized land and this isn’t the first time a project has been launched without the creator’s knowledge. The first time around, it was Curve’s Curve DAO token, which was launched by a pseudonymous user @0xCh4d. Although for CRV, the code was completely finished and luckily had no bugs or exploit.
In Eminence’s case, since the project was unfinished it had bugs; the bug that led to the loss of funds was a flash loan bug. Andre stated that this was a “simple exploit”, where one could mint a lot of EMN at the tight curve, which could then be burned for one of the other currencies. Finally, selling the currency for EMN.
For now, Cronje has promised to redistribute the $8 million sent to his account.
As I am receiving a fair amount of threats, I have asked yearn treasury to assist with refunding the 8m the hacker sent. The multisig is safer and as such I feel more comfortable with them having the funds. Funds will be returned to holders pre-hack snapshot. https://t.co/wbputn5hYD
— Andre Cronje (@AndreCronjeTech) September 29, 2020
With defi, the trade-off is that nobody can approve the project, smart contract, or the team. There is no need to go through a listing process either. Hence, anyone can launch anything and it can be a legit project or a scam.
Andre Cronje gained prominence due to his launch of iEarn and YFI token. Ever since then, there has been a particular hype when it comes to Cronje’s project. SBF Alameda sums up the whole escapade in his tweet thread where he says.
“Everyone wants to get in on the next big Andre project, so people started FOMOing into it when they got wind of it.”
Below is a chart for the EMN token.