eFi hacker steals $15 million
An Eminence.Finance hacker decided $7 million was enough, returning half of the $15 million stolen (Photo: Pixabay)
Technology

DeFi hacker steals $15M, returns $8M

Millions were stolen after crypto users sent a fortune to an unfinished smart contract on Eminence.Finance that was being tested by its developer

By  / September 29, 2020 /

Unfinished Decentralized finance (DeFi) protocol Eminence.Finance was hacked after millions poured in while the developer slept. $15 million was gone by the time he woke up. 

But strangely, more than half—$8 million—had been returned to his Yearn account.

Andre Cronje—the creator of major DeFi protocol Yearn.Finance and the exploited protocol Eminence.Finance—informed the public of the hack on Sept. 29. He explained that the protocol was very much a work in progress and he did not expect it to suddenly attract such a great amount of user funds:

“[Neither] these contracts, nor the ecosystem are final, yesterday alone you will notice I deployed 2 separate batches of the contracts, this is my usual “test in prod” process… Around ~3AM I was messaged awake to find out a) almost 15m was deposited into the contracts b) the contracts were exploited for the full 15m and c) 8m was sent to my yearn: deployer account.”

It is unclear why the attacker returned such a big chunk of the stolen funds.  Speaking to industry news outlet The Block, Cronje said that “only the attacker would know the answer to that question.”

The system was not supposed to be used

Eminence.Finance is the system that runs the economy for a gaming multiverse, but Cronje noted that the smart contracts and the ecosystem that they are a part of are not final. In fact, he deployed two batches of contracts yesterday alone, which is a testimony to the underground development process which results in rapidly changing and unrevised code becoming a part of the system.

Because of all of this, Eminence.Finance’s smart contracts contained major vulnerabilities which resulted in the hack being carried out. Cronje himself said that “the exploit itself was a very simple one.” He also warned the crypto community to not engage in such activity again in the future:

“Given some of the responses, let me be clear, do not use random contracts I deploy unless I reference it in a medium article. The contracts I deployed yesterday were purely for myself to engage with, both GIL and EMN are staging and will not be used.”

Still, at least one Twitter user insists that Cronje is responsible for user losses, as he should have deployed the contracts that he is working on to the Ethereum testnet. To which, another user answered:

“People threw their life savings in a random contract found on etherscan that had the same name as something Andre retweeted. And now he’s responsible? No no no, this is a fantastic lesson.”

Cronje is the developer behind Yearn.Finance, a major DeFi protocol that as Modern Consensus reported on Aug. 20 created the first token that ever eclipsed the price of Bitcoin. It reached its high on Aug. 31, breaking $39,000, according to CoinMarketCap.

The trust that Cronje earned from the crypto community may be the reason why people blindly sent their funds to the smart contracts that he deployed. One cryptocurrency influencer invested in Eminence and tweeted:

“I still have no idea what it does or what its purpose actually is, but hey if [Andre Cronje] is involved, I’ll degen in any day of the week.”

 You May Also Like

Adrian is a newswriter based out of Pisa, Italy. He's passionate about cryptocurrency, digital rights, IT, tech and futurology and likes to think about the future in a positive way.