Alpha Finance Exploited in $37.5 Million Attack

2021-2-14 12:30

An attacker targeted DeFi protocol Alpha Finance for a sum of $37.5 million earlier this morning. The exploit was found in the protocol’s Alpha Homora V2 product—not Cream Finance, as many suspected. 

Another DeFi Exploit

The DeFi space has suffered yet another attack. 

This time, it involved Alpha Finance. Though full details are yet to surface, it appears that the exploit affected the protocol’s Alpha Homora V2 product.

Initially, members of the DeFi community pointed to Cream Finance as the root cause of the incident, though the Cream team confirmed that its contracts were “functioning as normal.” Alpha Homora integrates Cream, which led to confusion. 

Alpha Finance then posted their own announcement, pointing to the Alpha Homora V2 product as the exploit’s origin. They confirmed that they’re working with Andre Cronje and Cream Finance to investigate the incident, and that the loophole had been fixed. They also said that they “have a prime suspect” in mind.

Dear Alpha community, we've been notified of an exploit on Alpha Homora V2. We're now working with @AndreCronjeTech and @CreamdotFinance together on this.

The loophole has been patched.

We're in the process of investigating the stolen fund, and have a prime suspect already.

— Alpha Finance Lab (@AlphaFinanceLab) February 13, 2021

Borrowing from Alpha Homora V2 has also been paused.

An Etherscan transaction shows that the attack was worth over $37.5 million. A large chunk of that sum was a loan of 13,244 ETH. 

Source: Etherscan

A trail of activity shows that they sent some ETH through Tornado.cash, a privacy solution that helps Ethereum users conceal their transaction history. They also appear to have sent 1,000 ETH to both the Alpha Finance Lab deployer and Cream Finance deployer. 

The attack was carried out through a complex multi-step process that suggests the perpetrator was an experienced DeFi native. They used the Alpha Homora protocol, which integrates Cream, to borrow sUSD. They then lent these funds back to Iron Bank to receive cySUSD. They also took out large flash loans from Aave to increase their cySUSD holdings. With that, they were able to borrow the 13,244 ETH, $4,263,139 worth of DAI, $3,997,921 worth of USDC, and $5,647,242 worth of USDT. 

They deposited some funds to Aave, 1,000 ETH to Iron Bank and Alpha Homora, and sent 320 ETH to Tornado.cash. That leaves just under 10,925 ETH in their wallet, worth roughly $20 million. Their funds can be viewed on Etherscan. They did it all for a transaction fee of 0.67 ETH, around $1,274. 

The native tokens of both Cream Finance and Alpha Finance have tanked following the news. ALPHA has been particularly hard hit—it’s down 22% at the time of writing, trading at $1.82.

Full details surrounding the attack are yet to emerge. Both Cream Finance and Alpha Finance have confirmed that they’ll share post-mortem reports soon.

Alpha Finance is one of DeFi’s leading protocols, alongside Cream Finance. The attack is yet another case study that shows DeFi is still in its nascent stages. As such, experimenting with this technology is highly risky. 

Editor’s note: This is a developing story. More updates will be posted as they come.

Disclosure: At the time of writing, the author of this story owned ETH and ALPHA. 

origin »

Bitcoin price in Telegram @btc_price_every_hour

Alpha Token (A) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 6.55 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Цена в час новости $ 0.0043824 (-100%)

million attack finance exploited alpha

million attack → Результатов: 126


Фото:

New York City College Struck by Ransomware, $1.9 Million in Bitcoin Demanded

Munroe College in Manhattan has been hit by a ransomware attack that has shut down the college’s computer systems. The hackers are demanding 170 bitcoin (BTC), which is roughly $1. 9 million. The malware infection came to light on the morning of July 10, but the specifications of the infection are still largely unknown, as reportedRead MoreRead More.

2019-7-15 13:00


Baltimore’s Bitcoin Ransom Attack Amounts to $18 Million, Hackers’ $80,000 Demand Gets Unfulfilled

It has been recently revealed that Baltimore’s latest crypto ransom attack resulted in nearly $18 million spent on recovery. The attack, which supposedly took place on Tuesday, May 7, 2019, not only had the city scrambling to get the effects eliminated to the best of their abilities, but also left them deciding on whether hackers’ […]

2019-6-7 05:05


Ethereum Classic (ETC) Announces Astor Network Testnet Mining is Ready in Response to 51% Attack

Ethereum Classic network faced a double 51% attack on its platform in the month of January which led to a loss of $1 million. The attackers were able to accumulate 51% of the hash power required to manipulate the network and continued the attack for several days. The attackers used their control on the ETC […]

2019-5-29 18:22


Cryptopia Limited Files for US Bankruptcy Protection Following Massive Hack in Early 2019

Cryptopia Limited was hacked multiple times in the first quarter of 2019. The shareholders of Cryptopia have decided to file for bankruptcy in a Chapter 15 case in New York. The hacking of the Cryptopia exchange made headlines in January after a massive attack took $16 million from the exchange. The exchange was the host […]

2019-5-25 04:41