This site is reader-supported. When you click through links on our site, we may be compensated.
<div class="featured_image_container"> </div> <strong>Following the Cream Iron Bank flash loan attack, preliminary findings of a probe have shown that contracts and markets still function normally. As a result, markets have now been re-enabled while the asset borrowing function has been paused. The Cream team also reveals that investigations are continuing. </strong>
After the exploit, the value of the Cream protocol token plummeted from just over $280 on February 12 to $186.48 24 hours later. At the time of writing, Messari data shows that the token had recovered although it has remained mostly under $230.
Meanwhile, in his analysis of the exploit, researcher Igor Igamberdiev reveals that the attacker(s) had “used Alpha Homora for borrowing Synthetix stablecoin from Ironbank.” He adds that “each time they (would) borrow twice as much as in the previous one.” The attacker(s), did this through two transactions and whenever they lend the funds back into Ironbank they would receive Yearn Synthetix stablecoin.
According to Igamberdiev, the attacker(s) had at some point secured a 1.8 million USDC flash loan from Aave v2. This flash loan was then swapped with Synthetix stablecoin for onward lending to Ironbank.
Using similar tactics, the attacker(s) would take out an even bigger loan. In his Twitter thread, Igamberdiev explains:
Also, a $10 million flash loan is taken, which is also used to increase the number of Yearn Synthetix stablecoin. In the end, the number of their Yearn Synthetix stablecoin reaches an incredible amount, which allows them to borrow anything from Iron bank.
Consequently, the attackers went on to borrow stablecoins valued at $13.4 million as well as wrapped ETH valued at over $23 million.
At the time of writing, it had been revealed that the debt resulting from the attack “will not be between users and Alpha Homora.” Instead, it will be Alpha Homora and Iron Bank that will have to “find a solution that resolves the debt between the two protocols.”
What do you think needs to be done to prevent future flash loan attacks? You can tell us what you think in the comments section below.
<div class="article__body__tags-related"> <div class="article__body__tags-related__tags"> <h6 class="article__body__tags-related__title"> Tags in this story </h6> </div> </div> <p class="images_credits"><em><b>Image Credits</b>: Shutterstock, Pixabay, Wiki Commons, Messari.io, </em></p> <div class="disclaimer" readability="18.596525096525"><strong>Disclaimer</strong>: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. <a href="https://bitcoin.com">Bitcoin.com</a> does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.