YFI founder's incomplete DeFi protocol Eminence exploited, attacker drained $15M and then returned $8M

Quick Take

  • Eminence.Finance, the unfinished DeFi protocol by YFI founder Andre Cronje, was exploited Monday night.
  • The attacker drained $15 million from Eminence and then returned $8 million to YFI.
  • Here’s what went wrong. 

Eminence.Finance, the unfinished decentralized finance (DeFi) protocol by Yearn.Finance (YFI) founder Andre Cronje, was exploited Monday night.

The attacker drained $15 million from Eminence, deposited by users or so-called "yield farmers," and then returned $8 million to YFI.

It is not clear why the attacker returned the funds. "Only the attacker would know the answer to that question," Cronje told The Block.

The exploit occurred within a few hours of Eminence's Twitter page launch and retweets by Cronje.

What went wrong?

Eminence is a card gaming protocol being developed by Cronje, who built the viral DeFi project YFI. YFI popularized the concept of yield aggregation — farming yield from different lending protocols and optimizing for the maximum yield. YFI then returns the collected yield to depositors.

Within days of its launch, YFI became famous and the price of its native governance token shot up. Its market capitalization has surged to $787 million at the time of writing, according to CoinGecko. 

So when Cronje disclosed another project of his, Eminence, via retweets, yield farmers didn't seem to want to miss an opportunity and ended up depositing $15 million in the unfinished protocol.

"Just aped into $EMN," tweeted @ChainLinkGod, for instance. "I still have no idea what it does or what its purpose actually is, but hey if @AndreCronjeTech is involved, I'll degen in any day of the week."

Unfinished business 

Cronje said Eminence is at least three weeks away, which he disclosed only after the exploit took place. "Yesterday we finished the concept behind our new economy for a gaming multiverse. Eminence. As per my usual methodology, I deployed our staging contracts on ETH so we can continue developing on it," he said.

Cronje deployed smart contracts for Eminence, with "burn" and "mint" possibilities, meaning users could deposit funds and mint Eminence's native EMN token.

"Almost [$]15m was deposited into the contracts," said Cronje. "The contracts were exploited for the full [$]15m and [$]8m was sent to my yearn: deployer account."

Cronje termed the exploit a "very simple one": "mint a lot of EMN at the tight curve, burn the EMN for one of the other currencies, sell the currency for EMN."

One trader, for instance, lost $130,000 in one hour by depositing funds in Eminence. Here's how EMN tanked:

Who's to blame?

While traders are ultimately responsible for any loss of funds deposited into unfinished and unaudited protocols, Cronje's actions, i.e., teasing and retweeting the Eminence project before it was completed, could be held responsible, according to some members of the DeFi community.

"Andre deployed these contracts from the main 'Yearn Deployer' address. People watch his every move, every transaction. Why didn't he use an alternative, non-followed address to deploy/test if these were indeed just 'staging' contracts?" asked Mick Hagen, founder of Genesis Block.

"Just after he deploys the contracts, he starts RTing [re-tweeting] mysterious, FOMO [fear of missing out]-inducing teasers. The domain is theirs," said Hagen. "It all checks out. The hype is building. This train is leaving the station. No turning back. Anything Andre touches turns to gold. Degen mode activated."

Hagen said the situation could have been mitigated if Cronje didn't induce FOMO by retweeting teasers of his new gaming protocol.

Some other members of the crypto community shared similar thoughts, including Alex Krüger and "@CryptoMessiah."

"Given some of the responses, let me be clear, do not use random contracts I deploy unless I reference it in a medium article," said Cronje. "The contracts I deployed yesterday were purely for myself to engage with."

When asked whether Eminence would issue new tokens to depositors who lost money, Cronje told The Block: "I don't have a comment on that at this time."

According to a blockchain analyst, the attacker used an address that has interacted with centralized exchanges such as Huobi in the past. This could help recover the lost funds if third parties cooperate.


© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

AUTHOR

Yogita Khatri is a senior reporter at The Block and the author of The Funding newsletter. As our longest-serving editorial member, Yogita has been instrumental in breaking numerous stories, exclusives and scoops. With over 3,000 articles to her name, Yogita is The Block's most-published and most-read author of all time. Before joining The Block, Yogita wrote for CoinDesk and The Economic Times. You can reach her at [email protected] or follow her latest updates on X at @Yogita_Khatri5.
