Hacker steals $15 million from yearn.finance creator’s project

  • Andre Cronje reports attacks on project Eminence.
  • Attacker returns $8 million of the stolen funds.

Ethereum DeFi has reached a major milestone, with $11 billion in total locked value (TVL). The milestone coincided with an attack on one of the industry’s most popular creators, Andre Cronje. The creator of Yearn Finance has revealed that a hacker exploited a vulnerability in one of his projects, called Eminence. The hacker was able to steal $15 million.

Cronje explained that Eminence is a game project still under development. As part of his personal process of testing his products on the Ethereum mainnet, Cronje deployed the smart contracts related to Eminence. Later, the developer learned that $15 million had been deposited into contracts that were intended just for testing.

Theft and return of funds

The $15 million came from people who rushed to buy the platform’s token, EMN. These buyers likely wanted to get ahead of other investors by acquiring the token early, waiting for it to rally, and reselling it on the market. This behavior has characterized Ethereum DeFi, where being first is crucial, as trader Josh Rager has stated. Cronje called the attack “very simple” and explained it as follows:

The exploit itself was a very simple one, mint a lot of EMN at the tight curve, burn the EMN for one of the other currencies, sell the currency for EMN.

After the attack, $8 million was sent to Cronje’s yearn account. The developer has explained that he will return the funds to the affected users. However, Cronje has received threats and therefore the return process will be handled by Yearn’s treasury. Cronje added:

The multisig is safer and as such I feel more comfortable with them having the funds. Funds will be returned to holders pre-hack snapshot.

Cronje has updated his followers via Twitter in recent hours. In his recent posts, Cronje confirmed that he will continue working on Eminence because of his attachment to the project and its “metaconomy” characteristics. In addition, the developer stated that he will continue to use his method of testing smart contracts on Ethereum’s mainnet and said that many of these will have vulnerabilities. For this reason, he asked his followers not to test his products until there is an official Medium article.

However, the developer has taken some suggestions from the crypto community. Therefore, he stated that for future projects he will stop revealing certain details and try to make the development process more private. Cronje said:

Thank you for the feedback today. I have read two primary criticisms and both seem to be related to the public nature of this Twitter account and the public nature of my ETH address. Going forward, I will not use either for new projects I am working on.