YFI founder's incomplete DeFi protocol Eminence exploited, attacker drained $15M and then returned $8M

Quick Take

  • Eminence.Finance, the unfinished DeFi protocol by YFI founder Andre Cronje, was exploited Monday night.
  • The attacker drained $15 million from Eminence and then returned $8 million to YFI.
  • Here’s what went wrong. 

Eminence.Finance, the unfinished decentralized finance (DeFi) protocol by Yearn.Finance (YFI) founder Andre Cronje, was exploited Monday night.

The attacker drained $15 million from Eminence, deposited by users or so-called "yield farmers," and then returned $8 million to YFI.

It is not clear why the attacker returned the funds. "Only the attacker would know the answer to that question," Cronje told The Block.

The exploit occurred within a few hours of Eminence's Twitter page launch and retweets by Cronje.

What went wrong?

Eminence is a card gaming protocol being developed by Cronje, who built the viral DeFi project YFI. YFI popularized the concept of yield aggregation — farming yield from different lending protocols and optimizing for the maximum yield. YFI then returns the collected yield to depositors.

Within days of its launch, YFI became famous and the price of its native governance token shot up. Its market capitalization has surged to $787 million at the time of writing, according to CoinGecko. 

So when Cronje disclosed his other project, Eminence, via retweets, yield farmers didn't seem to want to miss an opportunity and ended up depositing $15 million in the unfinished protocol.

"Just aped into $EMN," tweeted @ChainLinkGod, for instance. "I still have no idea what it does or what its purpose actually is, but hey if @AndreCronjeTech is involved, I'll degen in any day of the week."

Unfinished business 

Cronje said Eminence is at least three weeks away, which he disclosed only after the exploit took place. "Yesterday we finished the concept behind our new economy for a gaming multiverse. Eminence. As per my usual methodology, I deployed our staging contracts on ETH so we can continue developing on it," he said.

Cronje deployed smart contracts for Eminence, with "burn" and "mint" possibilities, meaning users could deposit funds and mint Eminence's native EMN token.

"Almost [$]15m was deposited into the contracts," said Cronje. "The contracts were exploited for the full [$]15m and [$]8m was sent to my yearn: deployer account."

Cronje termed the exploit a "very simple one" — "mint a lot of EMN at the tight curve, burn the EMN for one of the other currencies, sell the currency for EMN."

One trader, for instance, lost $130,000 in one hour by depositing funds in Eminence. Here's how EMN tanked:

Who's to blame?

While traders are ultimately responsible for any loss of funds deposited into unfinished and unaudited protocols, Cronje's actions, i.e., teasing and retweeting about the Eminence project before it was completed, could be held responsible, according to some members of the DeFi community.

"Andre deployed these contracts from the main 'Yearn Deployer' address. People watch his every move, every transaction. Why didn't he use an alternative, non-followed address to deploy/test if these were indeed just 'staging' contracts?," asked Mick Hagen, founder of Genesis Block.

"Just after he deploys the contracts, he starts RTing [re-tweeting] mysterious, FOMO [fear of missing out]-inducing teasers. The domain is theirs," said Hagen. "It all checks out. The hype is building. This train is leaving the station. No turning back. Anything Andre touches turns to gold. Degen mode activated."

Hagen said the situation could have been mitigated if Cronje had not induced FOMO by retweeting teasers of his new gaming protocol.

Some other members of the crypto community shared similar thoughts, including Alex Krüger and "@CryptoMessiah."

"Given some of the responses, let me be clear, do not use random contracts I deploy unless I reference it in a medium article," said Cronje. "The contracts I deployed yesterday were purely for myself to engage with."

When asked whether Eminence would issue new tokens to depositors who lost money, Cronje told The Block: "I don't have a comment on that at this time."

According to a blockchain analyst, the attacker used an address that has interacted with centralized exchanges such as Huobi in the past. This could help recover the lost funds if third parties cooperate.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Yogita Khatri is a senior reporter at The Block, covering all things crypto. As one of the earliest team members, Yogita has played a pivotal role in breaking numerous stories, exclusives and scoops. With nearly 3,000 articles under her belt, Yogita holds the records as The Block's most-published and most-read author of all time. Prior to joining The Block, Yogita worked at crypto publication CoinDesk and The Economic Times, where she wrote on personal finance. For her latest work, follow her on X @Yogita_Khatri5.