The Cream Finance defeat protocol was attacked that resulted in a loss of $ 37.5 million. In the official statement made on Twitter, it was said that they investigated the protocol and the issue.
Apparently, the attack was carried out by borrowing sUSD from IronBank using Alpha Homora.
The hacker (s) managed to exploit a loophole to take out a loan and used Alpha Homora to withdraw sUSD from the collateral loan position. The hacker continued to withdraw larger loans than before and deposited the sUSD withdrawn from Iron Bank back into the safe and started to receive cySUSD in return for this transaction. But as soon as he got the credit he used it to return cyUSD to the receiving platform. The hacker managed to get 1.8 million USDC loans from Aave v2 and the cycle continued as they simultaneously returned the withdrawn loan. The hacker repeated this cycle until he had accumulated enough cyUSD to borrow anything from the platform. Ultimately, he collected so much cySUSD that he could withdraw any amount of credit from IronBank.
The hacker finally used the Aave v2 collateral debt position to replenish the loan with stablecoins to refund the loan, including the withdrawn ETH amount and other tokens. While the hackers have consistently managed to lend twice as much, 13,200 WETH, 3.6 million USDC, 5.6 million USDT and 4.2 million DAI were taken by the perpetrator. The stablecoins in question purchased from IronBank were sent to Aave. 320 ETH, IronBank and Homora contracts were sent to Tornado, and 1000 ETH each. Almost 10,925 ETH remained in the attacker’s own wallet. The research analyst at The Block Igor Igamberdiev detailed the process and how it evolved on Twitter.
Alpha Labs announced that it has since been working with YFI founder Andre Cronje and CREAM Finance to investigate the stolen funds. They stated that a suspect had already been identified.
Finally, there was a 40% drop in the price of CREAM, from $ 285 to $ 173.