Yearn Finance (YFI) Deploys NFTs Venture Eminence, Gets Exploited Within Hours

The Yearn Finance (YFI) introduced a new Non Fungible Tokens (NFTs) focused venture Eminence on Sep 28, adding to a list of mostly DeFi related products. Introduced on Twitter through a cryptic account eminence.finance (@eminencefi), it didn’t even have a proper website / front end or UI yet, but the smart contracts held over 14 millions dollars, in a short time. However, it got exploited within hours, through flash loan and inifitebug, essentially rebasing to 0!

pic.twitter.com/tV9LSzPXlV
— eminence.finance (@eminencefi) September 28, 2020

Though it wasn’t officially announced initially by the yearn.finance team, the association between both projects was confirmed by the fact that the Eminence (EMN) smart contract was sent from the yearn deployer – the official executor of the YFI-suite of tools. Also, the above mentioned introductory tweet was retweeted by Andre Cronje – the YFI founder!

Eminence Creation Contract - Etherscan non fungible tokens nfts — Eminence Creation Contract – Etherscan

Eminence (EMN) Exploit

However, merely after hours of being introduced. Eminence (EMN) contract was drained off funds using the flash-loan and inifitebug exploit. Surprisingly, after the exploit $8M was sent back to the yearn deployer contract. The exploit saw the hacker minting a lot of EMN at the tight curve, burning the EMN for other cryptocurrency and then sell the currency for EMN again.

A tweet thread from @AndreCronjeTech confirmed the experimental nature of the project and that it was still some time away from being operational.

1/x First, the data;

1. Yesterday we finished the concept behind our new economy for a gaming multiverse. Eminence. As per my usual methodology, I deployed our staging contracts on ETH so we can continue developing on it.

2. Eminence is at least ~3+ weeks still away
— Andre Cronje (@AndreCronjeTech) September 29, 2020

He also confirmed that the contract was officially deployed, related to a NFT based blockchain game still in production, exploited for full $15M and $8M was sent back to the deployer.

3/x 5. We posted the first clan "Spartans". And I went to bed.

6. Around ~3AM I was messaged awake to find out a) almost 15m was deposited into the contracts b) the contracts were exploited for the full 15m and c) 8m was sent to my yearn: deployer account.
— Andre Cronje (@AndreCronjeTech) September 29, 2020

The further continuation of the project or compensation to the existing holders remains unclear at this point. This is a developing story, so more details can emerge in the future.