Alpha Finance Exploited in $37.5 Million Attack

2021-2-14 12:30

An attacker targeted DeFi protocol Alpha Finance for a sum of $37.5 million earlier this morning. The exploit was found in the protocol’s Alpha Homora V2 product—not Cream Finance, as many suspected. 

Another DeFi Exploit

The DeFi space has suffered yet another attack. 

This time, it involved Alpha Finance. Though full details are yet to surface, it appears that the exploit affected the protocol’s Alpha Homora V2 product.

Initially, members of the DeFi community pointed to Cream Finance as the root cause of the incident, though the Cream team confirmed that its contracts were “functioning as normal.” Alpha Homora integrates Cream, which led to confusion. 

Alpha Finance then posted their own announcement, pointing to the Alpha Homora V2 product as the exploit’s origin. They confirmed that they’re working with Andre Cronje and Cream Finance to investigate the incident, and that the loophole had been fixed. They also said that they “have a prime suspect” in mind.

Dear Alpha community, we've been notified of an exploit on Alpha Homora V2. We're now working with @AndreCronjeTech and @CreamdotFinance together on this.

The loophole has been patched.

We're in the process of investigating the stolen fund, and have a prime suspect already.

— Alpha Finance Lab (@AlphaFinanceLab) February 13, 2021

Borrowing from Alpha Homora V2 has also been paused.

An Etherscan transaction shows that the attack was worth over $37.5 million. A large chunk of that sum was a loan of 13,244 ETH. 

Source: Etherscan

A trail of activity shows that they sent some ETH through Tornado.cash, a privacy solution that helps Ethereum users conceal their transaction history. They also appear to have sent 1,000 ETH to both the Alpha Finance Lab deployer and Cream Finance deployer. 

The attack was carried out through a complex multi-step process that suggests the perpetrator was an experienced DeFi native. They used the Alpha Homora protocol, which integrates Cream, to borrow sUSD. They then lent these funds back to Iron Bank to receive cySUSD. They also took out large flash loans from Aave to increase their cySUSD holdings. With that, they were able to borrow the 13,244 ETH, $4,263,139 worth of DAI, $3,997,921 worth of USDC, and $5,647,242 worth of USDT. 

They deposited some funds to Aave, 1,000 ETH to Iron Bank and Alpha Homora, and sent 320 ETH to Tornado.cash. That leaves just under 10,925 ETH in their wallet, worth roughly $20 million. Their funds can be viewed on Etherscan. They did it all for a transaction fee of 0.67 ETH, around $1,274. 

The native tokens of both Cream Finance and Alpha Finance have tanked following the news. ALPHA has been particularly hard hit—it’s down 22% at the time of writing, trading at $1.82.

Full details surrounding the attack are yet to emerge. Both Cream Finance and Alpha Finance have confirmed that they’ll share post-mortem reports soon.

Alpha Finance is one of DeFi’s leading protocols, alongside Cream Finance. The attack is yet another case study that shows DeFi is still in its nascent stages. As such, experimenting with this technology is highly risky. 

Editor’s note: This is a developing story. More updates will be posted as they come.

Disclosure: At the time of writing, the author of this story owned ETH and ALPHA. 

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Alpha Token (A) на Currencies.ru

$ 0.0108457 (-0.10%)
Объем 24H $353
Изменеия 24h: 51.41 %, 7d: 250.96 %
Cегодня L: $0.0108457 - H: $0.0108457
Капитализация $210.559k Rank 2244
Цена в час новости $ 0.0043824 (147.48%)

million attack finance exploited alpha

million attack → Результатов: 126


Foxconn Ransomware Attackers Demanded $35 Million Payment In Bitcoin (BTC) to Decrypt Files

According to reports from BleepingComputer, Foxconn, one of the largest electronic companies in the world, was faced with a ransomware attack by a popular hacking group, DopperPaymer. The report confirms the hack was first noticed on November 29th when the hackers gave the company 3 days to make a ransom payment to an unknown wallet […] The post Foxconn Ransomware Attackers Demanded Million Payment In Bitcoin (BTC) to Decrypt Files first appeared on BitcoinExchangeGuide.

2020-12-9 21:19


Yearn Finance Consumes Pickle Without Governance Vote

The move follows a hack over the weekend that resulted in the loss of $20 million in stablecoins, however, the community had no say in the decision. Yearn Finance has partnered, or rather absorbed, Pickle Finance in an effort to increase rewards for stakers and reimburse some of the victims of the flash loan attack … Continued The post Yearn Finance Consumes Pickle Without Governance Vote appeared first on BeInCrypto.

2020-11-26 17:13


Nearly $20M Drained from DAI Pickle Jar in A ‘Very Complicated Attack’ on its Latest Version

Deposits in the DeFi project Pickle Finance have come down to $23.6 billion from $163 million on Nov. 5th and an all-time high of $344.5 billion on 16th Sept. So, the decline that came after the exploit the project experienced over the weekend didn’t affect it much, as the funds are around the level they were […] The post Nearly M Drained from DAI Pickle Jar in A ‘Very Complicated Attack’ on its Latest Version first appeared on BitcoinExchangeGuide.

2020-11-23 17:18