The CREAM heist that we reported about in our recent altcoin news, cost the attackers $15,000 in transaction fees while the price of the token tanked 30% in an hour so let’s read further on the developments.
It seems that the attack was a flash loan attack type and Defi platforms are known to be susceptible to these types of attacks. The price of the CREAM token crashed to $193 in one hour after the CREAM heist caused by the flash loan exploit that managed to drain $37 million from the protocol. There was no official comment on the attack given by the platform but the team did tweet to announce their awareness of the potential exploit. About two hours later, Alpha Finance also announced it was a victim of an exploit.
Something is going on with $CREAM. Very likely an exploit. Be careful out there
— Larry Cermak (@lawmaster) February 13, 2021
In the analysis of the attack, crypto researchers Igor Igamberdiev noted that the hackers drained over $37.5 million in the attack that involved a flash loan attack and the hackers took out crypto loans from lending protocols and invested them into the Iron Bank platform. Iron Bank was upgraded to enable collateral-free borrowing from Alpha Finance so the exploiters received special derivatives tokens named cySUSD.
IronBank ($CREAM) was exploited on $37.5M, let’s take a quick look at what happened.👇
1/ Attacker used Alpha Homora for borrowing sUSD from IronBank.
Each time they borrow twice as much as in the previous one.
— Igor Igamberdiev (@FrankResearcher) February 13, 2021
The exploiters took out loans and got huge amounts of the tokens which are later able to be used to borrow anything from the IronBank as Igamberdiev noted. The exploiter was able to borrow 13,244 ETH and $3.6 million in US dollar USDC, $5.6 million in USDT, and $4.2 million in DAI which all amounts to $37 million. According to the blockchain trail, the 100 ETH were refunded to the Alpha protocol and Cream Finance, 320 ETH was sent to Tornado privacy tool and more are yet to repay the massive loans for the attack. The tracker even used 100 ETH to fund a Gitcoin grant on Tornado while he kept about $19.9 million for himself.
We are aware of a potential exploit and are looking into this. Thank you for your support as we investigate.
— Cream Finance 🍦 (@CreamdotFinance) February 13, 2021
The whole exploit cost $14,754 in ETH gas fees to pull off. Alpha Finance tweeted that the loophole was patched and that CREAM finance contracts and markets are still being investigated and are functioning as normal but this Is still a reminder of the precariousness of DeFi protocols. DeFi is susceptible to flash loan exploits since back in December the newly launched Warp Finance was taken for $7.7 million in a flash loan attack.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Credit: Source link