• About Us
  • Privacy Policy
  • Contact Us
  • Home
  • Bitcoin
  • Ethereum
  • Cryptocurrency
    • Altcoin
    • Litecoin
  • Blockchain
  • Regulation
  • Market
  • Prices
  • ICO
No Result
View All Result
Cryptounfold
No Result
View All Result
Home Blockchain

DeFi Degens Hit by Eminence Exploit Recover Some Losses

by admin
October 1, 2020
in Blockchain
0
0
SHARES
5
VIEWS
Share on FacebookShare on Twitter


Related Posts

Market Wrap: Cryptos Decline Amid Choppy Trading, DeFi Tokens Underperform

Las criptomonedas deberían cumplir con las mismas normas que las finanzas regulares, dice el G7

Bitcoin Returns Above $30K; Resistance at $35K

Coinbase Co-Founder Fred Ehrsam Buys the Dip, Purchases $75M of Company Stock

It all started with a couple of retweets.

On September 28, Andrew Cronje, the head honcho at Yearn Finance, retweeted graphic designs for a new project called Eminence, so described by Cronje as a DeFi protocol for a “gaming multiverse.” The game is allegedly a spin-off of a 2016 kickstarter trading card game called Eminence: Xander’s Tales and may incorporate non-fungible tokens (NFTs).

The retweets included graphic designs of the words “Spartan” and “Marine” (playful nods to the respective monikers given to the Synthetix and Chainlink fanbases) and was an “art teaser” meant to “showcase all the different clans in the game,” according to Cronje.

Cronje hit send on the tweet and went to bed. When he woke up, he would find that the tweet was apparently enough of a signal for DeFi users to dump $15 million worth of DAI into the days-old protocol which, while on Ethereum’s mainnet, was still being alpha tested by Cronje and his team. Eminence didn’t even have a website to use as a front-end for trading; the first users instead swapped tokens directly with the Eminence smart contracts.

The same night, one user exploited Eminence’s code and drained the $15 million. Then, the same attacker returned some $8 million in DAI to a Yearn smart contract controlled by Cronje. 

Now, not even 72 hours after the exploit, affected users have had a portion of their losses returned. 

The rug pull and subsequent bailout is not the first of its kind in DeFi. And it begs the question: Does the DeFi community learn from its mistakes?

Eminence “hack” explained

The exploit itself, which was not even a hack, was simple enough. 

The EMN tokens, generated by the Yearn Deploy smart contract, were distributed initially through a bonding curve, a novel token distribution scheme used by a handful of DeFi products. These bonding curves are smart contracts which “trade” tokens with end users, dispensing one in exchange for another.

For Eminence, users would deposit DAI into the smart contract and receive EMN in return. If the EMN is sent to the smart contract, it is burned and the user receives DAI in return. 

You could also exchange EMN for 5 other tokens (eAAVE, eLINK, eYFI, eSNX and eCRV, all Eminence wrapped versions of the popular tokens with the same tickers). Doing so would burn the deposited EMN. Inversely, if you deposit these tokens into their respective bonding curve contracts, it is burned and you receive newly minted EMN.

To exploit these contracts, the attacker took out a flash loan for 15 million DAI from Uniswap and used this to buy EMN. They then traded and burned half this EMN for eAAVE, driving up EMN’s price. From here, they traded the rest of their EMN for DAI, traded their eAAVE to mint more EMN, and then finally traded this EMN for DAI. 

By the time the attacker was making his moves, someone had already deployed EMN trading pairs on Uniswap.

This process was repeated three times to net the hacker 15,015,533 DAI. A similar attack using a flash loan was executed against the bZx protocol in February.

Yearn Finance’s response and token redistribution

Surprisingly after all that effort, the attacker had a slight change of heart: They transferred $8 million in DAI to a Yearn Finance contract, which Cronje promptly sent to a Yearn multi-sig. 

A handful of developers, one of whom works on Yearn, cooked up a way to distribute the DAI to users affected by EMN’s price crashing through the floor as a result of the exploit. DAI-denominated reparations are now being distributed to users who trade for EMN from the bonding curve contract and Uniswap.

“Receiving [the DAI tokens] felt like we were gifted a ticking bomb,” banteg, a Yearn core developer, told CoinDesk. He adding that the team worked fast to distribute the funds lest the affected users get restless.

Banteg believes that most of the affected users were “in the loop” since half of the restitution was claimed within 19 minutes of the distribution contract being launched. Only $338,000 DAI has yet to be claimed, according to data banteg shared with CoinDesk.

Looking past the attacker’s bad behavior, the fiasco was exacerbated by two driving forces: trust and greed. 

In his tweets, Cronje never said that the Eminence protocol was ready. He didn’t even mention what the protocol was for. But a single retweet from the guy behind Yearn – that DeFi unicorn which surged in price from $31 to over $43,000 this year – was enough for traders to pile into Eminence’s token.

Yearning for another moonshot, intrepid Eminence users began interacting with the protocol before Cronje gave any signal that it was ready for investors. He’s even tweeted caveats before this incident that anyone using his protocols should proceed with caution.

Cronje has since stated his intentions on Twitter to continue his work on Eminence, adding that he has roughly 100 contracts to test. He also cautioned the DeFi faithful to “wait for official announcements” before using them.

Still, some of the affected traders, reeling from their losses, weren’t ready to let Cronje off the hook.

“Why put unfinished code on mainnet to be tested?” one user chimed in. “The contract should have been on testnet.”

Others, like Delphi Digital’s Tom Shaughnessy, defended Cronje, affirming that “it’s not [his] fault that people degen into [his] work before it is finished.”

DeFi lessons hard-learned or hardly learned?

Indeed, so-called DeFi degens have a reputation of “aping” into smart contracts in search of gains before they are thoroughly vetted. Traders deposited several hundred millions worth of tokens into the yield farming protocol Yam Finance back in August, for instance, days before a bug in its unaudited code drove the token’s price into the ground.

More recently, traders deposited so many tokens into the then-unaudited SushiSwap contract that its volume surpassed Uniswap. Days later, SushiSwap’s creator dumped his developer’s share of SUSHI tokens for $13 million in ETH, only to return the sum in ETH to the SushiSwap treasury after a bout of guilt.

With this Eminence exploit and summary restitution now in the books, DeFi traders have another reason to be leery of unvetted protocols. But with the payback soothing their losses somewhat, perhaps this lesson may be forgotten once the next “big new thing” comes around.





Source link

Tags: DeFiDegensEminenceExploitHitLossesRecover

Popular

Press Release

Knox Wire Uses Distributed Ledger Technology to Improve Real-Time Gross Settlement Service

by admin
March 26, 2022
0

Blockchain technology has infiltrated every industry in recent years, making them safer and more effective. Now, it has reached the...

Read more

Elimobile Launches the First Tokenized Telco, Partners with Elite Token to Create a Celebrity Powered Ecosystem

May 16, 2022

Users of "Fitcoin", A Mobile Fitness App, Are Rewarded for Staying Fit

May 16, 2022

Brainwashing! The hot music of tiktok was released by VOOPOO!

May 17, 2022

Crypto payment solution provider Fat Cat Killer is launching its token “Killer” on May 17, 2022

May 17, 2022

About

We publish a comprehensive news feed covering all news relevant to the crypto user, covering main industry news, politics and regulation as well as consumer-level “news you can use” (practical stuff), including handy DIY tips, links to useful tools, unbiased reviews and opinions revolving around cryptocurrency. Simple logic and real-world examples are preferred before technical jargon and personal rants.

Follow us

Categories

  • Altcoin
  • Bitcoin
  • Blockchain
  • Cryptocurrency
  • Ethereum
  • Litecoin
  • Market
  • Press Release
  • Regulation
  • Uncategorized

Recent Posts

  • Chubs Inu: The Next Cheems That Offers BUSD Rewards
  • XSTIK: Announcing the Ecosystem built on XRP ledger
  • CoinPoker $100,000 Exclusive Buy-in NLH: A Tournament Hosted by Tony G
  • The Stoned Ape Crew NFT Evolution is Live!
  • About Us
  • Privacy Policy
  • Contact Us

© 2020 cryptounfold.org

No Result
View All Result
  • Home
  • Bitcoin
  • Ethereum
  • Cryptocurrency
    • Altcoin
    • Litecoin
  • Blockchain
  • Regulation
  • Market
  • Prices
  • ICO

© 2020 cryptounfold.org

  • MMS Cash TokenMMS Cash Token(MCASH)$1.000.00%
  • bitcoinBitcoin(BTC)$49,095.002.28%
  • ethereumEthereum(ETH)$3,384.05-0.62%
  • HEXHEX(HEX)$0.1290085.45%
  • cardanoCardano(ADA)$2.18-2.77%
  • tetherTether(USDT)$1.00-0.27%
  • binancecoinBinance Coin(BNB)$425.46-0.83%
  • SolanaSolana(SOL)$166.52-1.81%
  • rippleXRP(XRP)$1.04-1.73%
  • usd-coinUSD Coin(USDC)$1.000.74%