Hackers Drain $15 Million From ‘Unreleased’ Yearn Finance Project
A smart contract vulnerability allowed hackers to mint unlimited tokens and sell those for millions of dollars—before returning half the funds to Yearn founder Andre Cronje.
Experimental DeFiDeFi platform Yearn Finance cultists were hit with losses this morning after an unidentified hacker exploited a smart contractsmart contract vulnerability in Eminence, an upcoming gaming project built by Yearn founder Andre Cronje.
The exploit allowed them to mint unlimited new tokens and steal over $15 million in the process. And yet, strangely, they would later return half the stolen crypto.
Known for his “I test in prod” approach—a meme reference to testing in production on the Ethereum mainnet instead of the testnet (as developers usually do)—Cronje teased the project’s logo last night over Twitter.
What followed later was a hallmark crypto move: The lack of information around the project did not stop speculators from rushing in; they purchased over $15 million worth of Eminence’s EMN tokens in under three hours, given its association to Cronje and his reputation as a trusted builder in the crypto space.
Yam Finance, a yield farmers paradise which aggregated $600M in TVL in less than 48 hours, will direct 1% of its future treasury to Gitcoin Grants’s public goods funding upon its forthcoming V3 migration.
Inspired by a community tweet, Gitcoin CEO Kevin Owocki took to the governance forum to propose that Yam’s bountiful treasury, which had previously aggregated $500k in V1 before being lost to a bug, “pass it along” to the Tech Grants category.
It wasn’t obvious that the community would decide...
But then someone who actually read Eminence’s contracts discovered a flaw—a rogue function that would allow the hacker to mint unlimited EMN tokens, burn an equal amount of EMN tokens against another cryptocurrency, and sell that to those rushing in to buy EMN.
Needless to say, the hacker went ahead with the plan.
4/x 7. The exploit itself was a very simple one, mint a lot of EMN at the tight curve, burn the EMN for one of the other currencies, sell the currency for EMN.
But what happened after that wasn’t a hallmark of crypto. The hacker then returned over $8 million of the stolen funds to Cronje’s own deployer contracts, which the developer promptly said would be returned to all those who rushed into buying EMN.
It didn't, however, stop the threats that Cronje allegedly received for the losses suffered by the speculators.
“As I am receiving a fair amount of threats, I have asked to yearn treasury to assist with refunding the 8m the hacker sent. The multisig is safer and as such, I feel more comfortable with them having the funds. Funds will be returned to holders pre-hack snapshot,” said Cronje.
Cryptocurrency was supposed to be anonymous; a way to transfer money without banks and governments. It’s the currency of choice for whistleblowers and privacy advocates. But the promise of secrecy has also enticed countless crypto scammers, thieves and fraudsters, who try to profit at other people’s expense.
And because blockchain is anonymous, their crimes can’t come back to haunt them, they thought. They were dead wrong. An industry of private crypto forensic investigators has sprung up, ofte...
At press time, Cronje said he would continue to develop Eminence in the coming weeks; with a disclaimer this time, “Let me be clear, do not use random contracts I deploy unless I reference it in a Medium article.”
Given some of the responses, let me be clear, do not use random contracts I deploy unless I reference it in a medium article.
The contracts I deployed yesterday were purely for myself to engage with, both GIL and EMN are staging and will not be used.
GMX, a cross-chain decentralized exchange specializing in perpetual futures trading, warned on Wednesday that an initial version of its platform was exploited.
Roughly $40 million worth of tokens were siphoned from GMX V1, which debuted on the Ethereum layer-2 scaling network Arbitrum in 2021, to an unknown wallet, GMX said on X. In response, GMX V1 trading was disabled, alongside the minting and redeeming of GMX’s GLP token on Arbitrum and the layer-1 network Avalanche, GMX said.
GMX was recent...
Vladimir Tenev, co-founder and CEO of Robinhood, has outlined the platform’s intent to list “thousands” of private companies as tokenized stocks. The statement follows controversy regarding its tokenized stocks for private firms OpenAI and SpaceX. The ChatGPT creator went so far as to publicly denounce the offering.
Private companies are not publicly traded on stock exchanges. The firms typically attract investment from founders, venture capitalists, private equity firms, and also sometimes ange...
Solana launchpad Pump.fun has been the center of the meme coin ecosystem ever since it launched in January 2024. But on Sunday, LetsBonk became the first Solana launchpad to ever flip it for daily tokens created.
Over the past 24 hours, according to Dune data, Pump.fun was responsible for the creation of 9,249 tokens, while LetsBonk launched 19,620.
“Going over the [more than $200,000] BONK runners in the last 24 hours it seems like most are organic,” Dune dashboard creator Adam Tech tweeted. “L...