DeFi is one of the breakout crypto categories of 2020. Both yield farming and the grand game of “money legos” have been profitable, so much, that many people have been following every new protocol with intent and rapt attention. It’s reached ridiculous levels now though, when people sent about $16 million to a new project from Andre Cronje despite having absolutely no information about it. It wasn’t even formally launched.
When folks heard of a new, pre-release game economy engine called “Eminence,” which is the new Andre Cronje project we’re talking about, they piled in. And they lost their $16 million, hacked in a flash.
Hackers Return $8 million
Despite having received no information on the project by Andre (he had only tweeted an image), investors began pumping assets on this project. This turned out to be disastrous, as hackers exploited a bug in its smart contract and drained all $16 million worth of deposited assets. In a surprising turn of events though, the hackers (or hacker) returned $8 million back to the project.
Andre faced immense backlash and posted on Twitter saying that, “As I am receiving a fair amount of threats, I have asked the yearn treasury to assist with refunding the 8m the hacker sent. The multisig is safer and as such I feel more comfortable with them having the funds. Funds will be returned to holders pre-hack snapshot“.
Andre Cronje Responds To Backlash
What happened next was arguably the first pre-release hack in the history of DeFi. When people began to harass Andre for the money that was lost, he clarified that he had merely announced a project, not launched it. Andre took to Twitter and wrote, “Given some of the responses, let me be clear, do not use random contracts I deploy unless I reference it in a medium article. The contracts I deployed yesterday were purely for myself to engage with, both GIL and EMN are staging and will not be used“.
Cronje also explained that the exploitation of the network was simple in the sense that the attackers minted a lot of EMN at the tight curve, burnt the EMN for one of the other currencies and then sold the currency for EMN.
Clearly, folks should have been careful to not move money to a project with no working website, no launch announcement, and most importantly – no other information at all.