- DeFi protocols Cream Finance and Alpha Finance have been linked to a major attack.
- The attacker took over $37.5 million through a multi-step process involving a series of flash loans. They’ve started distributing the funds to various locations.
- Alpha Finance appears to be the root cause of the exploit. Both teams say that they’re investigating, with a post-mortem to follow.
Share this article
An attacker targeted DeFi protocols Cream Finance and Alpha Finance for a sum of $37.5 million earlier this morning.
Another DeFi Exploit
The DeFi space has suffered yet another attack.
This time, the DeFi protocols Cream Finance and Alpha Finance were affected. Though full details are yet to surface, it appears that the exploit was in Alpha Finance’s smart contracts.
Alpha Finance then posted their own announcement, pointing to the Alpha Homora V2 product as the root cause. They confirmed that they’re working with Andre Cronje and Cream Finance to investigate the incident, and that the loophole had been fixed. They also said that they “have a prime suspect” in mind.
The loophole has been patched.
We’re in the process of investigating the stolen fund, and have a prime suspect already.
— Alpha Finance Lab (@AlphaFinanceLab) February 13, 2021
Borrowing from Alpha Homora V2 has also been paused.
An Etherscan transaction shows that the attack was worth over $37.5 million. A large chunk of that sum was a loan of 13,244 ETH.
A trail of activity shows that they sent some ETH through Tornado.cash, a…