CREAM and Alpha Finance Get Hacked for $37.5M

DeFi experienced one of its more complex exploits over the weekend. An attack which resulted in ~$37.5M drained from CREAM Finance’s Iron Bank using Alpha Homora’s leveraged debt.

Dear Alpha community, our partners, and DeFi users, we'd like to share a post mortem on the recent Alpha Homora V2 exploit.

We’d like to sincerely thank everyone who has helped us, both on the technical and non-technical sides.

TL;DR ?https://t.co/FXD0BYapm5

— Alpha Finance Lab (@AlphaFinanceLab) February 13, 2021

An attacker was able to use Alpha’s sUSD contracts which had not yet been released to the public or made available in the UI to act as the sole lender in the pool. With CREAM’s Iron Bank, whitelisted protocols (in this case Alpha Finance) can take undercollateralized loans, allowing the attacker to recursively borrow ETH from CREAM against a growing sUSD debt using flash loans.

The attacker leveraged a rounding miscalculation in Alpha’s borrow function, and the fact that the function, intended for collecting revenue to the reserve pool can be called by anyone, according to Alpha’s post mortem.

Rather than pay off the sUSD debt, the attacker used Tornado Cash – an Ethereum privacy mixer – to make off with the funds.

No User Funds Lost

No user funds were lost, and Alpha and CREAM teams are working on how to heal the debt between the protocols. The loophole that made the exploit possible has been closed, and the project is going through peer review and another security audit ––Alpha Homora V2 had been audited by Quantstamp and Peckshield.

Users cannot open new leveraged positions, as borrowing has been disabled, but can add collateral, repay debt, harvest farmed tokens, and close positions. Borrowing will be re-enabled once Alpha has gone through these security measures.

In what’s become typical DeFi exploit fashion, the hacker returned 1k ETH to the Iron Bank deployer, 1k to the Alpha Homora deployer and 220 ETH to the Tornado Cash deployer. They also gave 100 ETH as a grant to Tornado in the process for their escape hatch.

Protocol to Protocol Debt

While the notion of a DeFi exploit using flash loans is not new, the circumstances of the losses certainly is.

“The debt is not between users and Alpha Homora v2, but between Alpha Homora V2 and Cream V2. states Alpha’s post mortem. “This is because Alpha Homora V2 is integrated with Cream V2 (Iron Bank) in a protocol-to-protocol lending way. Thus, the debt is between the two protocols and not the users.

CREAM and ALPHA tokens have crashed by around 30% since the hack.

Total value locked on CREAM has yet to recover, dropping to just over $2M from $30M before the hack.

TVL on Alpha has remained relatively stable at $1.1B

All things considered, let this serve as a warning for yield farmers that the deeper down the rabbithole you go, the more risk you take on. While no user funds were lost this time around, the sophistication of this hack shows that no yield is without its fair share of risk.