Cryptocurrency DeFi Editor's Picks

Defi Protocols, Cream Finance and Alpha Finance Exploited for $37.5 Million

Defi Cream Finance Alpha Finance

DeFi Protocols Cream Finance and Alpha Finance were exploited for roughly $37.5 million after taking out a flash-loan. The attacker executed a multi-step process including a series of flash loans. They’ve started distributing the funds to various addresses. Cream Finance through their official accounts revealed that they suffered a “potential exploit” and are investigating the attack.

This attacker used multiple transactions to break-in Alpha Finance’s vaults and tricked people to believe that Cream’s Iron Bank was affected. Alpha Finance also posted its own announcement, mentioning that its Alpha Homora V2 product was the root cause of this attack. As soon as they found out about this attack, they confirmed working with DeFi guru Andre Cronje and Cream Finance to further examine the incident, and fix the loophole.

At the press time, Cream officially stated that its contracts and loan markets are functioning normally, and both V1 and V2 versions have been activated again. 

The research analyst at The block shared his findings on twitter soon after the incident. He analyzed the process of the exploitation of about $3,750 in funds from IronBank, a zero-collateralized loan introduced by Cream Finance. 

Per Frank researcher, the attacker borrowed sUSD from IronBank using Alpha Homora. The attacker was borrowing twice the debt issued previously by doing two transactions at a time, and every time they were lending funds back, they were receiving cySUSD. The attacker took a flash loan of $1.8M USDC from defi protocol Aave v2 and then used curve to swap USDC to sUSD. They further started lending funds to these sUSD to continue the process, and was receiving cySUSD. At last the attackers successfully acquired enough cySUSD using which they borrowed 13.2k WETH, 3.6M USDC, 5.6M USDT and 4.2M DAI.

Flash Loan Attacks Poses Major Threat to Defi

Flash loans have attracted considerable attention lately in the fast-growing DeFi sector. In a Flash loan scheme,users can borrow crypto without relinquishing any collateral as it is believed that the fund would be returned immediately. Flash Loan attacks can grab millions in one single transaction. It becomes easy for attackers as they no longer require to have any skin in the game and hence eliminates risk for attack. Many defi protocols have been targeted in the past few months. 

Cobo co-founder, Shenyu posted on Weibo yesterday, mentioning that the rough and fast DeFi development method represented by AC (YFI founder Andre Cronje) lacks regression testing, and its drawbacks are beginning to appear. It is worth mentioning that hacker attacks have occurred in many projects in the Year ecosystem. These include Pickle, SushiSwap, Year and today’s Cream.

Related posts

Bitcoin worth witnessed fluctuations around $10,000 but fell short in the end

Guest Author

Huobi and Solaris Offer Europe Crypto-to-Fiat Debit Cards

Jai Hamid

Crypto Saw an Additional 199m Users in the Past Year

Jai Hamid