Officially: Leverage liquidity protocol Alpha Homora and IronBank was the victim of a $37.5 million exploit

Recently, the DeFi Alpha Homora project encountered a bad event when a hacker successfully pulled out over $ 37 million by leveraging the Cream’s Iron Bank protocol-to-protocol lending platform.

An attacker successfully drained over $ 37 million from Alpha Homora by leveraging Cream’s Iron Bank protocol-to-protocol lending platform

Alpha Finance Lab announced on Twitter this morning that they were aware of an attack, that the loophole that allowed it had been patched, and that the team had a prime suspect:

It is known that a hacker used Alpha Homora to borrow and lend many times with Iron Bank. Since then the project allows leveraged lending.

Some analysts have speculated that a faked spell is what enabled the exploit:

This fake spell/contract exploit conceptually echoes the evil jar attack on Pickle Finance that netted an attacker $ 20 million late last year. In both cases, the exploited protocols errantly responded to faked contracts. Shortly after the successful exploit, the attacker tipped the Alpha and Iron Bank deployers 1,000 Ethereum each, and also made a Gitcoin donation.

Cream Finance said in a statement on Twitter that the exploit Iron Bank would not affect any of their other contracts and that their currency markets were working properly:

Will users be compensated in the case of protocols that cannot force hackers to return the money? Remember Yearn.Finance.

The Yearn.Finance team and MakerDAO set a precedent with “DAOs bailing out DAOs” last week when MakerDAO allowed for the creation of a custom-built collateralized debt position from Yearn’s newly-minted treasury.

Although the mining size was greater than the $ 11 million endured by Yearn, some have speculated that Alpha will also print tokens to cover the loss – and some traders and institutions have decided. taste me for such dilution.

Intrepid chain activity monitors noticed that Three Arrows Capital sent over $ 3 million in ALPHA tokens to Binance this morning, possibly with the intention of selling:

Currently, ALPHA, the protocol’s administrative token is at a loss, down 20% to $ 1.94; CREAM, the administrative token of the mining-enabled protocol, dropped 16% to $ 220. Additionally, AAVE, the administrative token of the protocol miners used for an instant loan, fell by 5 % down to $ 499.

DeFi is susceptible to flash loan exploits like this. In a notable case before Christmas, the newly launched Warp Finance DeFi platform was taken for $7.7 million in stablecoins in another flash loan attack. And in one attack against crypto lending platform Compound, exploiters took home $89 million.

It’s clear, then, that more work needs to be done to prevent crypto from leaking out of the DeFi bucket.

Read more:

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

You might also like