Cream Finance Drained of $37.5 Million in Major Exploit

Key Takeaways

  • DeFi protocols Cream Finance and Alpha Finance have been linked to a major attack.
  • The attacker took over $37.5 million through a multi-step process involving a series of flash loans. They’ve started distributing the funds to various locations.
  • Alpha Finance appears to be the root cause of the exploit. Both teams say that they’re investigating, with a post-mortem to follow.

Share this article

An attacker targeted DeFi protocols Cream Finance and Alpha Finance for a sum of $37.5 million earlier this morning. 

Another DeFi Exploit

The DeFi space has suffered yet another attack. 

This time, the DeFi protocols Cream Finance and Alpha Finance were affected. Though full details are yet to surface, it appears that the exploit was in Alpha Finance’s smart contracts. 

The Cream team confirmed that it was investigating “a potential exploit” on Twitter earlier this morning, then went on to say that its contracts were “functioning as normal.” 

Alpha Finance then posted their own announcement, pointing to the Alpha Homora V2 product as the root cause. They confirmed that they’re working with Andre Cronje and Cream Finance to investigate the incident, and that the loophole had been fixed. They also said that they “have a prime suspect” in mind.

Borrowing from Alpha Homora V2 has also been paused.

An Etherscan transaction shows that the attack was worth over $37.5 million. A large chunk of that sum was a loan of 13,244 ETH. 

Source: Etherscan

A trail of activity shows that they sent some ETH through Tornado.cash, a…

Read More