An unknown hacker has stolen over $15 million worth of cryptoassets from an unreleased decentralized finance (DeFI) project being built by Yearn.Finance founder Andre Cronje.
The exploit allowed the hacker to mint new tokens, and steal funds in the process. Andre Cronje is a controversial developer in the space for his “I test in prod” approach, which references testing smart contracts and decentralized applications on the Ethereum mainnet, instead of using the network’s testnet, meant for tests.
After Cronje teased the new, unfinished “economy for a gaming multiverse” project Eminence on social media, speculators started rushing to buy Eminence’s EMN tokens in order to be the first ones there, and presumably make a profit selling them to others at a later date. Eminence’s link to Cronje and his reputation were likely a factor.
The hacker then managed, however, to find a faction on the EMN smart contract allowing them to mint an unlimited amount of EMN tokens, burn an equal amount against another cryptocurrency, and sell that cryptocurrency to those who were rushing in to buy EMN.
Notably, the hacker then resent Cronje $8 million of the stolen funds, which the developer said were going to be returned to those who were buying EMN ahead of the exploit. On social media Cronje revealed he was “receiving a fair amount of threats,” and as such asked the Yearn Treasury to “assist with refunding the 8m the hacker sent.” Blockchain data shows he moved the funds.
The losses of those buying EMN were substantial. One cryptocurrency user acquired $130,000 worth of the cryptocurrency to, less than two hours later, sell the tokens for $368 after the exploit.
Cronje later on added he would continue to develop Eminence, but added a disclaimer asking users to “not use random contracts I deploy unless I reference it in a Medium article.”
Featured image via Pixabay.