The reckless investors of the decentralized finance (DeFi) projects had to pay a massive toll as $15 million in digital currencies were siphoned by the hackers from an unaudited project developed by Andre Cronje, the well-known creator of yearn.finance.
Dubbed as Eminence, Cronje was building a new in-game economy for the gaming multiverse. Though he stressed that the project was ‘at least +3 weeks away’ from being finished, its untested and unaudited version was launched on Uniswap.
“These contracts, nor the ecosystem are final, yesterday alone you will notice I deployed 2 separate batches of the contracts, this is my usual ‘test in prod’ process,” he wrote on Twitter.
Reckless DeFi Investors
Despite the clear disclosure, the investors started pumping assets on the project when Cronje was away. However, this turned out to be a disaster as hackers exploited the smart contracts and drained all $15 million worth of deposited assets.
Additionally, Cronje explained that the exploitation of the network was simple enough – the attackers minted “a lot of EMN at the tight curve, burn the EMN for one of the other currencies, sell the currency for EMN.”
The Rising Star of the DeFi Project, GIBXSwap, Passes CertiK Security AuditGo to article >>
However, the perpetrators sent $8 million back to Cronje’s yearn.finance developer account. The reason behind that is still unknown. He will send back these $8 million to the original holders based on the pre-hack snapshot.
As I am receiving a fair amount of threats, I have asked yearn treasury to assist with refunding the 8m the hacker sent. The multisig is safer and as such I feel more comfortable with them having the funds. Funds will be returned to holders pre-hack snapshot. https://t.co/wbputn5hYD
— Andre Cronje (@AndreCronjeTech) September 29, 2020
The DeFi ecosystem ballooned in recent months with over $11 billion in locked-in assets, as of press time. With this boom, more and more developers are bringing new projects, and investors are not hesitating to transfer their assets to these new unaudited platforms to gain multi-fold.
Apart from DeFi, Singapore-based centralized crypto exchange, KuCoin was hacked recently as $150 million in digital assets were taken out from its hot wallets.