Victor Ugochukwu · Dec 14, 2020 . 5min read
Hacker exploits bugs in Yearn Finance’s unreleased Eminence Gaming project to steal $15 million
Degens searched and found a bug in the Yearn Finance's unreleased Eminence contract, thus stealing user funds worth $15 million.
By Victor Ugochukwu · Sep 29, 2020 . 6min read
The craze to make quick bucks off of the latest DeFi projects by degens has led to another round of unaudited-DeFi project casualty. In what appears as the common rug pulls in the space, a hacker exploited bugs Yearn Finance’s Eminence, an unaudited project to steal $15 million of users funds.
Adam Cronje of Yearn Finance announced that he is building Eminence, an unfinished “economy for a gaming multiverse”. He even went ahead to tease the community with art images to show exciting he thinks the project is. According to Cronje, after tweeting about Eminence, he went to sleep. In the characteristic hunting of degens, they searched and found Eminence contract to start depositing as much as $15 million just within hours.
Apparently, as Eminence is still not market-ready and at least “approximately 3 weeks away” according to Andre Cronje, a hacker was able to exploit the Yearn Finance’s founder work to steal user funds.
In what appears to be a shocked Cronje after discovering what has happened while asleep, he tweeted:
1. Yesterday we finished the concept behind our new economy for a gaming multiverse. Eminence. As per my usual methodology, I deployed our staging contracts on ETH so we can continue developing on it.
2. Eminence is at least ~3+ weeks still away
He continued and explained that he deployed two separate contracts of Eminence which he says is his modus operandi, after all, his Twitter bio says “I test in prod”. He then said,
We posted the first clan “Spartans”. And I went to bed.
Around ~3 AM, I was messaged awake to find out a) almost 15m was deposited into the contracts b) the contracts were exploited for the full 15m and c) 8m was sent to my yearn: deployer account.
Cronje facing a threat due to the EMN dump decides to reimburse users of $8 Million.
Already, some have lost huge because of the Eminence hacker exploitation. For instance, a degen who deposited 369 ETH for EMN roughly 5 hours ago had to sell his holdings for $368.
After the hacking incident, the user’s position
Andre says he will be refunding depositors the exact amount the EMN contract hacker sent to his address.
Yearn Finance founder goes further to assure his fans that irrespective of the hacker exploiting Eminence early test contracts, he’s still continuing with the project. However, he warns of anyone depositing in any of his test contracts unless he expressly states it.
Follow Cryptodose for daily updates.