DeFi Protocol Alpha Hamora gets Exploited, Cream Markets “Functioning As Normal” But TVL More than Halved
The price of both CREAM and ALPHA takes a hit after the complex exploit results in the loss of millions of funds. Cream markets are re-enabled across both V1 and V2, while Alpha has patched the loophole.
The latest complex hack of the decentralized finance (DeFi) protocols has resulted in the potential loss of millions of dollars.
Decentralized peer-to-peer lending platform Cream Finance team announced, “We are aware of a potential exploit and are looking into this. Thank you for your support as we investigate,” on Twitter in the wee hours of Saturday.
This was followed by pausing the assets borrowing on IronBank.
Just yesterday, the team announced that the total supply on CREAM has increased by 50% in just over a week from 743 million to 1.1 billion, with the Iron bank having 64% of total supply, 43% of TVL, and an 82% utilization rate.
Soon, the team assured that “C.R.E.A.M. contracts and markets were investigated and found to be functioning as normal.”
Markets were then re-enabled across both V1 and V2.
However, the TVL (total value locked) of the project took a hit and lost more than half of it to fall to about $330 million. The token CREAM has also lost more than 18% of its value to now trade at $217.63.
But a bigger hit was taken by Alpha Finance’s token APLHA, whose price dropped by 26% to $1.75.
The TVL of DeFi lending protocol Alpha Hamora also lost about 50 million but is still above $1 billion, as per DeFi Pulse.
The losses have been the result of the project announcing an exploit on Alpha Homora V2 and that they are now working with Cream Finance and YFI’s Andre Cronje. YFI prices went down 14%, trading under $44k.
Is it safe to suggest you stop investing in Andre projects or is that still too unpopular of an opinion for some of you
— Altcoin Psycho (@AltcoinPsycho) February 13, 2021
“The loophole has been patched. We're in the process of investigating the stolen fund and have a prime suspect already,” noted the Alpha Team.
For now, users aren’t allowed to borrow more funds from Alpha Homora v2. While “V1 is safe and operational,” no new leveraged positions and borrowing is allowed on existing positions either.
A trail of activity shows a multi-step process that involved the usage of privacy solution Tornado Solution and several protocols, Alpha Hamora, Cream Finance, and Aave. The full details of this complex attack are yet to emerge, with both Cream and Alpha teams saying they will share the post mortem of the incident soon.
With yet another flat loan involved, one would think shutting them is the solution, but it’s not as Stani Kulechov, co-founder and CEO of AAVE, said,
“These attacks can be done without flash loans, flash loans are actually helping protocols to become more resilient, and most of the flash loans are consumed on good stuff.”