Eminence Refund - Do or DAI

With his hand forced by threats from community members, Andre Cronje and team have quickly taken action to refund the $8M that was mysteriously returned after the EMN contract was exploited for $15M on the 29th September.

Why would anyone return $8M?

This was a sophisticated hack that probably took days of work, why would they choose to return half the money only a few minutes later?

Is it possible that Yearn knows the identity of the attacker?

If you were the hacker, would you rather have $15M and be doxxed, or $8M, and enjoy your life in peace?

These are just some of the questions that the community is asking after the dramatic exploit and refund on September the 29th.

A full analysis of the three transactions involved in the exploit can be found below.

Transaction 1 Sep-29-2020 01:20:41 AM +UTC

Transaction 2 Sep-29-2020 01:22:28 AM +UTC

Transaction 3 Sep-29-2020 01:23:28 AM +UTC

The return transaction came 8 minutes later.

Return Transaction Sep-29-2020 01:31:04 AM +UTC

There are several theories about who was responsible for the heist, and some are debating whether this was really a hack, or just an exploit of unfinished code.

@mierzwik wrote this article on the bot responsible (0x762bfbd), which shows how the bot stole 400 UNI one week prior to the EMN attack.

@frankresearcher has since done some great work investigating the same wallet used in the hack / exploit.

Read the rest of Frank’s tweets here. He goes on to hypothesise the role of various addresses involved in the hack / exploit.

Frank’s hypothesis based on on-chain data:

0x223034e = $ENM hacker

0x762bfbd = the contract from which the hacker withdrawn $UNI

0x2d033fe = address of creator of 0x762bfbd

0x2f14f72 = address which funded creator (very likely one owner)

This is an on-going investigation, subscribe now and we’ll keep you up to date.

In what he described as an “elegant solution” Yearn developer @bantg used the Uniswap LP distribution code and a merkle tree implementation to refund the money.

Milkyklim created a similar yYFI refund solution for those who claimed from the yYFI contract between blocks 10923319-10954777 and suffered from a 5% fee issue.

Once the refunds were made available on youreminence.finance, refunds were distributed at a rate of $250,000 per minute.

This resulted in half of the $8 million refund being claimed in just 20 minutes.

In a sharp contrast to the amount of focus and work put into creating this snapshot refund, it appears many users did not pay enough attention when claiming their refund, and simply copied banteg’s screenshot, resulting in donating their full claim straight back to banteg and team.

100% tip for 340 DAI

100% tip for 66.9 DAI

100% tip for 993.3 DAI

100% tip for 263.1 DAI

The full list of tip transactions can be found here

Some have questioned why this option of returning the claim as a 100% tip was made available, when it could have been capped at 10 or 20%.

Interestingly, those who benefitted the most from the refund left the smallest percentage of tips relative to their claim.

Greedy whales... Here are some more figures on the DAI claims and donations through youreminence.finance, courtesy of Alphaleakers.
rektHQ is by and for the community. We’re very grateful for the community members who have reached out to us in recent days offering their knowledge and support. We are here to present your stories and opinions, we will protect your identity and promote your story, placing honesty and accuracy above all else.

The following opinion pieces are from anonymous community members. rektHQ has a lot of respect for those who have contributed their thoughts and information to today’s article. Our inbox remains open and anonymous for anyone who wishes to contact us.

As always, rektHQ takes no responsibility for the content or opinions presented in this newsletter.


I'm not a fan of the $8M refund from two perspectives.

Firstly because of the threats made to Andre in the lead up to him asking the yearn treasury to assist with refunding the $8M. I haven't seen the nature of the threats but going through with the refund sets a very dangerous precedence where it reinforces the notion that threatening project members is a viable course of action to get your desired outcome.

The second perspective is obviously the moral hazard aspect which has been discussed at length already on CT. Austrian economists love to use the term “moral hazard” when describing interventionism, which in DeFi layman's terms refers to degens degen'ing on more and more risky and unaudited projects because they 'expect' to be partially bailed out in situations such as these. This type of risk transfer certainly exists in the real world where major banks have an expectation for the federal government to bail them out if they land on hard times. But do we really want to replicate this in the DeFi space?

Whoever exploited EMN displayed great initiative and ingenuity, but more importantly he/she essentially shared a blueprint on how to carry out a simple yet lucrative attack and divert attention back to the very project that they attacked, letting them take on all the misguided anger and threats. We may even start seeing this become the new norm for exploiters to tip the systems they've just gamed, akin to an unspoken code of conduct among thieves.

Wherever this latest incident takes us in the coming weeks, it's worth considering the message it's sending out to all the bad actors in this space or even the neutral ethically-fluid ones watching these perpetrators get away with it, time after time, with absolute impunity.


On the technical side, I think the implementation was a bit unfleshed out as it was deployed on testnet first.

Admittedly it's still relatively hard to fork mainnet and run locally to have uniswap, balancer or bonding curve testing so I can understand the “test as much as possible” but real testing happens in prod...

However that narrative opens the ground for shit developers and scammers, which given the amount of “Uniswap” rug pulls recently is awful.

I mean in hindsight it was and wasn't Andre's fault, considering there is so much hype around him that it was even a plausible idea that it could have happened.

I mean there's only so much you can cognitively think about when developing, you're more focused on the project roadmap rather than these extra degen defi risks that admittedly are still emerging.

Team or not working behind this, it'd still be the same issue

I guess the timing was a bit messed up re: communications, people like to not keep so many communication lines especially with how many new devs have joined the $YFI community...

Andre retweeted the photo then people started to create a conspiracy about surprising everyone.

Personally I was under that impression too, it's just crypto culture being so twisted, people like puzzles and anonymity, quite to its own detriment but that's my bias.

Refund wise, it shows that the project will still be continued in good faith.

It also shows that there is a human touch to all of these high TVL degen actions.

People risk a lot in general, it doesn't matter what space or asset class.

You can't fault people for returning an exploiter's funds to those #halfrekt, just as much as you can't fault the exploiter for returning half the funds in the first place.

I'm technically not on Andre's level and had a hunch that this could have been rug pulled before going to sleep but really, it was just a whole narrative of chance.

Everyone just really needs to sleep more.

share this article

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C


REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.