Sunday, November 29, 2020
Home Decrypt News Hackers Drain $15 Million From ‘Unreleased’ Yearn Finance Project

Hackers Drain $15 Million From ‘Unreleased’ Yearn Finance Project

In brief

  • Hackers targeted a smart contract vulnerability in an upcoming project by Yearn founder Andre Cronje.
  • They managed to steal over $15 million; but returned $8 million to a wallet owned by Cronje.
  • The “test in prod” approach proved costly, as Cronje alleged received threats after the hack.

Experimental DeFi platform Yearn Finance cultists were hit with losses this morning after an unidentified hacker exploited a smart contract vulnerability in Eminence, an upcoming gaming project built by Yearn founder Andre Cronje.

The exploit allowed them to mint unlimited new tokens and steal over $15 million in the process. And yet, strangely, they would later return half the stolen crypto.

Known for his “I test in prod” approach—a meme reference to testing in production on the Ethereum mainnet instead of the testnet (as developers usually do)—Cronje teased the project’s logo last night over Twitter.

What followed later was a hallmark crypto move: The lack of information around the project did not stop speculators from rushing in; they purchased over $15 million worth of Eminence’s EMN tokens in under three hours, given its association to Cronje and his reputation as a trusted builder in the crypto space.

But then someone who actually read Eminence’s contracts discovered a flaw—a rogue function that would allow the hacker to mint unlimited EMN tokens, burn an equal amount of EMN tokens against another cryptocurrency, and sell that to those rushing in to buy EMN.

Needless to say, the hacker went ahead with the plan.

But what happened after that wasn’t a hallmark of crypto. The hacker then returned over $8 million of the stolen funds to Cronje’s own deployer contracts, which the developer promptly said would be returned to all those who rushed into buying EMN.

It didn’t, however, stop the threats that Cronje allegedly received for the losses suffered by the speculators.

“As I am receiving a fair amount of threats, I have asked to yearn treasury to assist with refunding the 8m the hacker sent. The multisig is safer and as such, I feel more comfortable with them having the funds. Funds will be returned to holders pre-hack snapshot,” said Cronje.

At press time, Cronje said he would continue to develop Eminence in the coming weeks; with a disclaimer this time, “Let me be clear, do not use random contracts I deploy unless I reference it in a Medium article.”

Or maybe just don’t test in prod?

Popular Articles

Bitcoin may see major price volatility at the start of December — Here's why

The price of Bitcoin (BTC) faces two crucial events on Dec. 1 right after the weekly and monthly candles close. The upcoming weekly candle...

Bitcoin: Why today is a good time to stack sats

For Bitcoin’s price, a pullback of 11% is not an unusual event. Call it weekend blues or price corrections, there have been even greater...

Bitcoin Breaks Past $18,000 As Rally Continues

Bitcoin’s (BTC) price today hit $18,000, an increase of 5% over the past 24 hours. Overall, the weekly price has increased by 0.74%, ending...

Tron, Ontology, FTX Token Price Analysis: 29 November

Bitcoin’s dominance was holding steady at the time of writing, with the same noting a figure of 62.92%. While the altcoin market appeared to...

No, You Can’t Buy Shares in Bitcoin

With bitcoin going through an extended bull-run, scammers and con artists have been on hand to exploit a general fear of missing out (FOMO)....

Can RippleNet bridge ‘local CBDCs’ efficiently? This exec thinks so

With the crypto-market rally finally gathering steam over the past few months, many expect the likes of Ripple to take the next step forward....