Cream Finance, a multi-purpose DeFi project built on the Ethereum network, is the latest victim of a security breach.
The hacker made off with $37.5 million in Ether, USDC, USDT, and DAI.
IronBank attack
CREAM, an acronym for Crypto Rules Everything Around Me, acknowledged the hack in a social media post and is investigating.
We are aware of a potential exploit and are looking into this. Thank you for your support as we investigate.
— Cream Finance 🍦 (@CreamdotFinance) February 13, 2021
While the project is still investigating how it was exploited, analysts claim that the hacker used Alpha Homora to borrow sUSD from IronBank. Each subsequent borrow was double the previous one.
They did this in two transactions, lending the funds back into IronBank and then receiving cySUSD.
After several cycles of borrowing and lending, their cySUSD balance became so large that they could borrow anything from IronBank.
This led them to borrow 13.2K WETH, 3.6 million USDC, 5.6 million USDT, and 4.2 million DAI.
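One way a lending market's monitoring could flag the pattern analysts describe above (each borrow roughly double the previous one, with the funds lent back in between). This is an added example, not code from Cream Finance, Alpha Homora or the original article. The event layout, action names, account labels and thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict

# Constructed sample events, not real on-chain data.
# Assumed tuple layout: (sequence, account, action, amount of a single asset).
SAMPLE_EVENTS = [
    (1, "0xloop", "borrow", 1_000), (2, "0xloop", "supply", 1_000),
    (3, "0xuser", "borrow", 500),
    (4, "0xloop", "borrow", 2_000), (5, "0xloop", "supply", 2_000),
    (6, "0xuser", "repay", 500),
    (7, "0xloop", "borrow", 4_000), (8, "0xloop", "supply", 4_000),
    (9, "0xnosupply", "borrow", 100), (10, "0xnosupply", "borrow", 200),
    (11, "0xloop", "borrow", 8_000), (12, "0xloop", "supply", 8_000),
    (13, "0xnosupply", "borrow", 400), (14, "0xnosupply", "borrow", 800),
    (15, "0xloop", "borrow", 16_000), (16, "0xloop", "supply", 16_000),
    (17, "0xuser", "borrow", 700),
]


def find_borrow_loops(events, min_streak=4, ratio=(1.8, 2.2), resupply=0.9):
    """Return {account: longest streak} of borrows that each roughly double
    the previous borrow after that previous borrow was supplied back."""
    per_account = defaultdict(list)
    for _seq, account, action, amount in sorted(events):
        per_account[account].append((action, amount))

    flagged = {}
    for account, actions in per_account.items():
        streak = best = 0
        prev_borrow = 0   # size of the most recent borrow
        supplied = 0      # amount supplied back since that borrow
        for action, amount in actions:
            if action == "supply":
                supplied += amount
            elif action == "borrow":
                doubled = (prev_borrow > 0
                           and ratio[0] <= amount / prev_borrow <= ratio[1]
                           and supplied >= resupply * prev_borrow)
                streak = streak + 1 if doubled else 1
                best = max(best, streak)
                prev_borrow, supplied = amount, 0
        if best >= min_streak:
            flagged[account] = best
    return flagged


if __name__ == "__main__":
    print(find_borrow_loops(SAMPLE_EVENTS))
```

Doubling borrows that are not lent back, and ordinary borrow-and-repay activity, both stay below the threshold in the sample data.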
About $400 million worth of FTT could have been stolen but was “saved” after being withdrawn instantly.
Post-mortem to follow
Cream Finance provided an update, saying that “contracts and markets were investigated and found to be functioning as normal.”
C.R.E.A.M. contracts and markets were investigated and found to be functioning as normal. Markets have been re-enabled across both V1 and V2.
Post mortem to follow.
— Cream Finance 🍦 (@CreamdotFinance) February 13, 2021
Alpha Finance Lab said that they have “been notified of an exploit on Alpha Homora V2” and are working with Andre Cronje and Cream Finance to find a resolution.
The loophole has been fixed and a prime suspect has been identified already.
Dear Alpha community, we've been notified of an exploit on Alpha Homora V2. We're now working with @AndreCronjeTech and @CreamdotFinance together on this.
The loophole has been patched.
We're in the process of investigating the stolen fund, and have a prime suspect already.
— Alpha Finance Lab (@AlphaFinanceLab) February 13, 2021
We will provide further updates.