Andre Cronje’s unreleased project Eminence has been hacked for $15 million.
The crypto community went into yet another frenzy last night, as Andre Cronje's unreleased project became the focus of hundreds of users, who quickly bought $15 million of the mysterious $EMN token.
After some unexplained promotional tweets, users were keenly watching Cronje's account for any clues as to what was coming. As soon as the new contracts were deployed from the yEarn finance address, the game was on.
Hundreds of users joined in the crowd-sourced investigation project to try and understand what was going on, and how to profit.
Users linked the graphics from the eminence.finance Twitter account to an unfinished MMORG called Eminence, Xander's Tales.
You're hearing it here first, certified alpha leak, I smell the rebirth of an old card game with an NFT/DEFI twist... $ENM
Do some digging on "Eminence: Xander's Tales" and you'll find that @AndreCronjeTech even follows the lead artist for the project... 👀
More soon, follow me — Kiyo (@IslandKiyo) September 28, 2020
The contracts that had been deployed included the EMN token, which could be exchanged for other tokens such as eYFI, eAAVE, or eSNX. These tokens, plus the surprise launch, matched perfectly one of Andre's previous tweets about the upcoming yEarn finance project.
Trying to decide if we should do whitepaper-esque writeups to explain before launch, or just launch and surprise everyone? — Andre Cronje (@AndreCronjeTech) September 23, 2020
Cronje's reputation as a leading DeFi builder, combined with his promotion of the Eminence Twitter account, caused a full-on frenzy, and $15 million flowed into the unexplained contract to be exchanged for EMN or one of the eTokens.
🚨 yearn system confirmed.
LAUNCHED AND SURPRISED EVERYONE.
JFC the madman is doing it again.
Despite the EMN token originating from a relatively flat bonding curve, many users were purchasing the tokens "second hand" from Uniswap, which led to a few hours of very profitable arbitrage for those who were comfortable interacting directly with the contract.
At around 04:00 UTC, the $15 million contained in the contract was suddenly drained.
@fifikobayashi wrote a short summary of how the attack took place.
- Use flash loan to mint EMN
- Manipulate EMN price downwards by burning EMN for eTokens
- EMN is based on a bonding curve, so when supply goes down, price goes down.
- Short EMN by burning the other half of the flashed EMN back into DAI, which was then inflated in comparison due to the curve-induced drop in EMN value.
Although hacks are certainly not unusual in crypto, what happened next certainly is.
Ethereum transaction details on Etherscan: https://etherscan.io/tx/0x7bc97357364222207f1f011b22ad98ba78fcd3c25d3398346caa3928cdf4a4dd
Theories are running wild about who was behind the hack, and why they would return any money, with some pointing the finger at the creators of Yearn Finance, and claiming it was an inside job.
So.. was it @bantg who ran multiple bots, inflated the SHIT out of #EMN (and more) to arb DAI and eventually dumped for the growing liquidity? https://t.co/vKOKs7IlxF https://t.co/rbb8H6c78H https://t.co/V7ocyAQg0J @ChainLinkGod @AndreCronjeTech pic.twitter.com/9Dle86Yffy — Spicetoshi (@Spicetoshi) September 29, 2020
Ultimately, those who deposited funds into the unaudited contracts are responsible for the loss of their money. However, many have branded Cronje's promotion of the unfinished contract as irresponsible, as the resulting FOMO could easily have been predicted.
One thing is for certain, a lot of people lost money last night.
Can we pour one out for our 🐋 whale brother here that spent $130,548 for $EMN 1.5 hours ago and just sold it recently for $368. https://t.co/5iVIHS93Pv https://t.co/GBUMc62Eqs pic.twitter.com/jIa7WVwP6s — fomosaurus 🦖 (@fomosaurus) September 29, 2020
Cronje claims to have received multiple threats regarding the lost funds, and has asked Yearn Treasury to assist with distributing the returned $8 million.
Despite this major setback, Andre continues to build, and released this tweet earlier today.
I am still building @eminencefi. I love the metaverse and metaconomy.
I am also going to continue deploying test contracts. I have over ~100 deployed contracts, of which probably >half have vulnerabilities.
Please wait for official announcements. — Andre Cronje (@AndreCronjeTech) September 29, 2020
Users can check their eligibility here (divide by 1e18)
rektHQ was not involved in the creation of this list, and no details are final.
Since we have received 8M DAI, we are working towards distributing them to the people who got rekt. I have finished the first version of the snapshot which uses bonding curve rates of EMN, eCRV, eLINK, eAAVE, eYFI, eSNX at block 10954410. It includes 3656 addresses. pic.twitter.com/dT3WryyGrD — banteg (@bantg) September 29, 2020
Last night's proceedings were the culmination of several different events, attitudes, and concepts that have arisen over recent months.
Those who have FOMO'd into unaudited contracts have been rewarded well in the past, and although many on Twitter are keen to promote this style of "Chad" behaviour, perhaps it's time to rethink this style of surprise launch.
The previously unblemished reputation of the YFI developer has taken a hit, and we are now at what feels like a turning point in DeFi, where hopefully both developers and users can learn from this event.
Until then, we look forward to the real release of Eminence: Xander's Tales.