IMG-LOGO

Cream Iron Bank $36M Flash Loan Attack: Markets Re-Enabled While Asset Borrow Is Paused

News Feed - 2021-02-17 04:02:59

Cream Iron Bank $36M Flash Loan Attack: Markets Re-Enabled While Asset Borrow Is Paused


Following the Cream Iron Bank flash loan attack, preliminary findings of a probe have shown that contracts and markets still function normally. As a result, markets have now been re-enabled while the asset borrowing function has been paused. The Cream team also reveals that investigations are continuing. The Exploit


After the exploit, the value of the Cream protocol token plummeted from just over $280 on February 12 to $186.48 24 hours later. At the time of writing, Messari data shows that the token had recovered although it has remained mostly under $230.



Meanwhile, in his analysis of the exploit, researcher Igor Igamberdiev reveals that the attacker(s) had “used Alpha Homora for borrowing Synthetix stablecoin from Ironbank.” He adds that “each time they (would) borrow twice as much as in the previous one.” The attacker(s), did this through two transactions and whenever they lend the funds back into Ironbank they would receive Yearn Synthetix stablecoin.


According to Igamberdiev, the attacker(s) had at some point secured a 1.8 million USDC flash loan from Aave v2. This flash loan was then swapped with Synthetix stablecoin for onward lending to Ironbank. Millions Siphoned


Using similar tactics, the attacker(s) would take out an even bigger loan. In his Twitter thread, Igamberdiev explains: Also, a $10 million flash loan is taken, which is also used to increase the number of Yearn Synthetix stablecoin. In the end, the number of their Yearn Synthetix stablecoin reaches an incredible amount, which allows them to borrow anything from Iron bank.


Consequently, the attackers went on to borrow stablecoins valued at $13.4 million as well as wrapped ETH valued at over $23 million.


At the time of writing, it had been revealed that the debt resulting from the attack “will not be between users and Alpha Homora.” Instead, it will be Alpha Homora and Iron Bank that will have to “find a solution that resolves the debt between the two protocols.”


What do you think needs to be done to prevent future flash loan attacks? You can tell us what you think in the comments section below. UN Report: North Korea Stockpiles $316 Million in Cryptocurrencies From Cyberattacks SECURITY | 6 days ago Expert warns Hackers are Targeting Russian Government"s IT Infrastructure to Mine Cryptocurrencies SECURITY | Feb 9, 2021 Tags in this story Aave, Alpha Homora, Defi protocol, Flash loan attack, Iron Bank, Stablecoin, USDC, WETH, Yearn


Image Credits: Shutterstock, Pixabay, Wiki Commons, Messari.io, Purchase Bitcoin without visiting a cryptocurrency exchange. Buy BTC and BCH here. Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article. Read disclaimerShow comments