Eminence Finance Hack - September 28, 2020
Overview
An unidentified hacker exploited a smart contract vulnerability in Eminence (EMN), an upcoming gaming "multiverse" project being built by Yearn founder Andre Cronje. The exploit allowed the attacker to mint unlimited new tokens and drain over $15 million.
How It Happened
Speculators (DeFi degens) piled into the unreleased EMN contract, purchasing over $15 million worth of EMN tokens in under three hours, simply because the contract had been deployed by Cronje and his name carried a strong reputation in the crypto space.
The hacker then exploited the bonding-curve contract design of the deployed (but unfinished) EMN token: they minted a massive amount of EMN, burned that EMN against the curve, and looped through Aave and Uniswap to extract DAI and other assets, walking away with ~$15M.
Attack Vector / Steps
1. Cronje deployed unfinished Eminence contracts; degens speculated by buying EMN
2. Attacker took out a flash loan to fund the attack
3. Used the loan to mint a large quantity of EMN through the bonding-curve mint function
4. Burned the EMN back into the curve at the inflated price
5. Looped via Aave / Uniswap to extract the value as DAI
6. Walked away with ~$15M of value
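One way to watch for the pattern in steps 2 to 5, as an added example (not code from the original page or the Eminence project). It assumes a hypothetical decoded trace format of (tx_id, kind, token, DAI amount) rows with constructed sample values, and flags any single transaction that mints and burns the same curve token while taking more reserve out of the curve than it paid in.

```python
from collections import defaultdict

# Constructed sample trace rows: (tx_id, kind, token, DAI amount).
# "mint" = DAI paid into the curve; "burn" = DAI paid out by the curve.
TRACES = [
    ("tx-a", "flashloan", "DAI", 15_000_000),
    ("tx-a", "mint", "EMN", 15_000_000),
    ("tx-a", "burn", "EMN", 10_000_000),
    ("tx-a", "burn", "EMN", 6_600_000),
    ("tx-a", "repay", "DAI", 15_013_500),
    ("tx-b", "mint", "EMN", 2_000),            # ordinary buyer, no burn
    ("tx-c", "mint", "EMN", 5_000),
    ("tx-c", "burn", "EMN", 4_950),            # round trip at a loss
    ("tx-d", "flashloan", "DAI", 1_000_000),   # loan never touches the curve
    ("tx-d", "repay", "DAI", 1_000_900),
]

def flag_round_trips(traces):
    """Flag transactions that mint and burn the same curve token and take
    more reserve out of the curve than they put in."""
    txs = defaultdict(lambda: {"loan": False,
                               "in": defaultdict(int),
                               "out": defaultdict(int)})
    for tx_id, kind, token, amount in traces:
        tx = txs[tx_id]
        if kind == "flashloan":
            tx["loan"] = True
        elif kind == "mint":
            tx["in"][token] += amount
        elif kind == "burn":
            tx["out"][token] += amount
    findings = []
    for tx_id, tx in txs.items():
        # Only tokens both minted and burned inside this one transaction.
        for token in sorted(tx["in"].keys() & tx["out"].keys()):
            profit = tx["out"][token] - tx["in"][token]
            if profit > 0:
                findings.append({
                    "tx": tx_id, "token": token, "curve_profit": profit,
                    # Borrowed capital means the size is not bounded by the
                    # caller's own funds, so rank it higher.
                    "severity": "high" if tx["loan"] else "medium",
                })
    return findings

if __name__ == "__main__":
    for finding in flag_round_trips(TRACES):
        print(finding)
```

A sound curve should never let a same-transaction mint and burn come out ahead, so the same comparison also works as a pre-deployment invariant in a test suite.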
The Strange Twist
The hacker then returned over $8 million of the stolen funds to Cronje's own deployer contracts. Cronje announced that this $8M would be returned to all those who rushed into buying EMN.
Cronje's Response
• Cronje pushed funds to the Yearn multisig (safer storage)
• Refunds distributed to holders based on a pre-hack snapshot
• Cronje emphasized that neither Eminence's contracts nor its ecosystem were final, and that at the time of the deployment he wasn't planning on releasing the project for at least another three weeks
Financial Impact
• Total drained: ~$15 million
• Returned by attacker: ~$8 million (refunded to victims)
• Net loss: ~$7 million