It all started with a couple of retweets.
On Sept. 28, Andrew Cronje, the head honcho at Yearn Finance, retweeted graphic designs for a new project called Eminence, so described by Cronje as a decentralized finance (DeFi) protocol for a “gaming multiverse.” The game is allegedly a spin-off of a 2016 kickstarter trading card game called Eminence: Xander’s Tales and may incorporate non-fungible tokens (NFTs).
The retweets included graphic designs of the words “Spartan” and “Marine” (playful nods to the respective monikers given to the Synthetix and Chainlink fanbases) and was an “art teaser” meant to “showcase all the different clans in the game,” according to Cronje.
Cronje hit “Send” on the tweet and went to bed. When he woke up, he would find that the tweet was apparently enough of a signal for DeFi users to dump $15 million worth of DAI into the days-old protocol which, while on Ethereum’s mainnet, was still being alpha tested by Cronje and his team. Eminence didn’t even have a website to use as a front-end for trading; the first users instead swapped tokens directly with the Eminence smart contracts.
The same night, one user exploited Eminence’s code and drained the $15 million. Then, the same attacker returned some $8 million in DAI to a Yearn smart contract controlled by Cronje.
Now, not even 72 hours after the exploit, affected users have had a portion of their losses returned.
The debacle and subsequent bailout is not the first of its kind in DeFi. And it begs the question: Does the DeFi community learn from its mistakes?
Eminence 'hack' explained
The exploit itself, which was not even a hack, was simple enough.
The EMN tokens, generated by the Yearn Deploy smart contract, were distributed initially through a bonding curve, a novel token distribution scheme used by a handful of DeFi products. These bonding curves are smart contracts which “trade” tokens with end users, dispensing one in exchange for another.
For Eminence, users would deposit DAI into the smart contract and receive EMN in return. If the EMN is sent to the smart contract, it is burned and the user receives DAI in return.
You could also exchange EMN for five other tokens (eAAVE, eLINK, eYFI, eSNX and eCRV, all Eminence wrapped versions of the popular tokens with the same tickers). Doing so would burn the deposited EMN. Inversely, if you deposit these tokens into their respective bonding curve contracts, it is burned and you receive newly minted EMN.
To exploit these contracts, the attacker took out a flash loan for 15 million DAI from Uniswap and used this to buy EMN. He then traded and burned half this EMN for eAAVE, driving up EMN’s price. From here, he traded the rest of his EMN for DAI, traded his eAAVE to mint more EMN and then finally traded this EMN for DAI.
By the time the attacker was making these moves, someone had already deployed EMN trading pairs on Uniswap.
Yearn Finance’s response and token redistribution
Surprisingly, after all that effort, the attacker had a slight change of heart: They transferred $8 million in DAI to a Yearn Finance contract, which Cronje promptly sent to a Yearn multi-sig.
A handful of developers, one of whom works on Yearn, cooked up a way to distribute the DAI to users affected by EMN’s price crashing through the floor as a result of the exploit. DAI-denominated reparations are now being distributed to users who trade for EMN from the bonding curve contract and Uniswap.
“Receiving [the DAI tokens] felt like we were gifted a ticking bomb,” banteg, a Yearn core developer, told CoinDesk. He adding the team worked fast to distribute the funds lest the affected users get restless.
Banteg believes that most of the affected users were “in the loop” since half of the restitution was claimed within 19 minutes of the distribution contract being launched. Only $338,000 DAI has yet to be claimed, according to data banteg shared with CoinDesk.
Looking past the attacker’s bad behavior, the fiasco was exacerbated by two driving forces: trust and greed.
In his tweets, Cronje never said the Eminence protocol was ready. He didn’t even mention what the protocol was for. But a single retweet from the guy behind Yearn – that DeFi unicorn which surged in price from $31 to over $43,000 this year – was enough for traders to pile into Eminence’s token.
Yearning for another moonshot, intrepid Eminence users began interacting with the protocol before Cronje gave any signal it was ready for investors. He’s even tweeted caveats before this incident that anyone using his protocols should proceed with caution.
Cronje has since stated his intentions on Twitter to continue his work on Eminence, adding that he has roughly 100 contracts to test. He also cautioned the DeFi faithful to “wait for official announcements” before using them.
Still, some of the affected traders, reeling from their losses, weren’t ready to let Cronje off the hook.
“Why put unfinished code on mainnet to be tested?” one user chimed in. “The contract should have been on testnet.”
Others, like Delphi Digital’s Tom Shaughnessy, defended Cronje, affirming that “it’s not [his] fault that people degen into [his] work before it is finished.”
DeFi lessons hard-learned or hardly learned?
Indeed, so-called DeFi degens have a reputation of “aping” into smart contracts in search of gains before they are thoroughly vetted. Traders deposited several hundred millions worth of tokens into the yield farming protocol Yam Finance back in August, for instance, days before a bug in its unaudited code drove the token’s price into the ground.
More recently, traders deposited so many tokens into the then-unaudited SushiSwap contract that its volume surpassed Uniswap. Days later, SushiSwap’s creator dumped his developer’s share of SUSHI tokens for $13 million in ETH, only to return the sum in ETH to the SushiSwap treasury after a bout of guilt.
With this Eminence exploit and summary restitution now in the books, DeFi traders have another reason to be leery of unvetted protocols. But with the payback soothing their losses somewhat, perhaps this lesson may be forgotten once the next “big new thing” comes around.