Cream Finance or Iron Bank has become the latest defi protocol to fall victim to an exploit that possibly leads to a $37.5 million heist. The official Twitter handle of the protocol the issue and said that they were looking into it.
We are aware of a potential exploit and are looking into this. Thank you for your support as we investigate.
— Cream Finance ???? (@CreamdotFinance) February 13, 2021
The attacker managed to exploit a loophole for drawing loans and used Alpha Homora to draw sUSD from the collateral debt position. The hackers kept withdrawing loans larger than the previous one and used two transactions at a time whereas soon as they received the loan they used to send it back into the platform receiving cyUSD. The hacker managed to get a $1.8 million USDC loan from Aave v2 and since they were simultaneously sending back the drawn loan the cycle continued.
The hackers kept repeating this cycle until they hoarded enough cyUSD to borrow anything from the platform. In the end, the hacker borrowed,
- 13.2k WITH
- 3.6M USDC
- 5.6M USDT
- 4.2M DAI
The Hacker Still Holds 11k ETH in the Wallet
The hacker finally used the withdrawn amount of ETH and other tokens to fill the Aave v2 collateral debt position with stablecoins to return the loan that included,
- 1k ETH to IronBank deployer,
- 1k ETH to Homora deployer,
- 220 ETH to Tornado,
- 100 ETH granted to Tornado
Nearly 11k ETH remains on the exploiter balance now. This would mark another sophisticated exploit on a defi protocol which had increased significantly in 2020 as the popularity of the Defi ecosystem grew. Every other week one or the other defi protocol was hacked for millions where in some cases the stolen funds were returned however in most the exploiter got away with millions.
The Alpha Finance lab whose protocol was used for the exploitation has claimed that the breach had been patched. The firm has suspended any active position on Homora v2. The firm said, Users can’t borrow more funds from Alpha Homora v2 = no new leveraged positions and borrow on existing positions.
Users can't borrow more funds from Alpha Homora v2 = no new leveraged positions and borrow on existing positions.
V1 is safe and operational.
We're on full alert and working with @samczsun & many trusted builders to investigate the issues thoroughly.
A post mortem to follow.
— Alpha Finance Lab (@AlphaFinanceLab) February 13, 2021
“V1 is safe and operational We’re on full alert and working with @samczsun & many trusted builders to investigate the issues thoroughly. A post mortem to follow.”
- “At Some Point There’ll Be A Flash Crash” Says Gold Bull Peter Schiff
- Binance And FTX Worst Hit Exchanges As Losses Climb Almost Two Billion Combined
- Bitcoin S2F Founder says Current dip cannot stop Bitcoin from Adding Another Zero
- Football Clubs Look To Mine Cash Revenue With Crypto Offerings
- Fed Readying To Launch The US Crypto Policy? White House Directs Agencies To Prepare Report
- Here’s Why You Should NOT Yet Buy the Bitcoin Dip, Miner Capitulation Ahead?
- MicroStrategy (MSTR) Stock On Free Fall As SEC Rejects Its Bitcoin Accounting Strategy
- Second Consecutive Crash Day Extends Investor Loses Over $350 Billion, El Salvador Buys the Dip
- DeFi’s Liquidation Volume Hits $34.33 M ATH, The Highest Since Last year’s December
- Portugal opens First Physical Store for Buying and Selling of Bitcoin
- Solana Creeps Higher, Looks To Revisit January Highs AT $177.0
- Ethereum Price Analysis: Fibonacci Retracement level 0.618 Triggers Recovery Rally In ETH Coin
- BTC Price Analysis: Death Crossover Brings Nightmares On Satoshi Street; Is This A Buying Opportunity?
- Bitcoin Death Cross Haunting Investors, Will BTC Make or Break?
- DOGE Price Analysis: Highly Influential Bearish Trendline Undermines Bullish Attempts; Buy, Sell Or Hold?
- Terra Price Analysis: Will LUNA Price Bounce Back at 0.382 Fibonacci Retracement?
- SAND Price Analysis: Sandbox Price Losses 50% Retracement Level, Good Time to Buy?
- LINK Price Analysis: Chainlink price reclaims 200-day EMA, Emerging trendline Suggests More Upward Price Movement
- Harmony Price Analysis: Rising Parallel Pattern Could Lead 30% Growth In $ONE Price
- Ripple Price Analysis: XRP Bears Struggle To Breach $0.7 Support Zone, Is A Reversal Next Move?