Share this article

DeFi Protocols Cream Finance, Alpha Exploited in Flash Loan Attack; $37.5M Lost

Alpha Finance says the "loophole" has been patched.

Updated Sep 14, 2021, 12:11 p.m. Published Feb 13, 2021, 1:52 p.m.

Andre Cronje interviewed at Seoul Blockchain Week, 2019.

Decentralized finance protocols (DeFi) Cream Finance and Alpha Finance were victims of one of the largest flash loan attacks ever Saturday morning, resulting in a loss of funds totaling $37.5 million, according to transaction details on Etherscan.

STORY CONTINUES BELOW

Don't miss another story.Subscribe to the Crypto Long & Short Newsletter today. See all newsletters

By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

We are aware of a potential exploit and are looking into this. Thank you for your support as we investigate.
— Cream Finance 🍦 (@CreamdotFinance) February 13, 2021

Two hours later Cream Finance said its contracts were “functioning as normal” and markets had been enabled.

C.R.E.A.M. contracts and markets were investigated and found to be functioning as normal. Markets have been re-enabled across both V1 and V2.

Post mortem to follow.
— Cream Finance 🍦 (@CreamdotFinance) February 13, 2021

Alpha Finance then posted its own announcement, saying its Alpha Homora V2 product was the root cause. The company confirmed that it is working with DeFi guru Andre Cronje and Cream Finance to investigate the incident, and that the loophole had been fixed. It also said that they “have a prime suspect” in mind.

Dear Alpha community, we've been notified of an exploit on Alpha Homora V2. We're now working with @AndreCronjeTech and @CreamdotFinance together on this.

The loophole has been patched.

We're in the process of investigating the stolen fund, and have a prime suspect already.
— Alpha Finance Lab (@AlphaFinanceLab) February 13, 2021

Earlier, Cream Finance tweeted an update on the incident saying that asset borrowing from its recently launched Iron Bank lending feature had been suspended. That tweet has since been deleted.

This is the second attack on a DeFi protocol in the last two weeks. Cronje's Yearn Finance suffered an an exploit in one of its DAI lending pools, according to the decentralized finance protocol’s official Twitter account. That exploit drained $11 million.

DeFi Yearn Finance flash-loan-attack cream alpha finance Andre Cronje

Kevin Reynolds

Kevin Reynolds is editor-in-chief at CoinDesk. Prior to joining the company in mid-2020, Reynolds spent 23 years at Bloomberg, where he won two CEO awards for moving the needle for the entire company and established himself as one of the world's leading experts in real-time financial news. In addition to having done almost every job in the newsroom, Reynolds built, scaled and ran products for every asset class, including First Word, a 250-person global news/analysis service for professional clients, as well as Bloomberg's Speed Desk and the training program that all Bloomberg News hires worldwide are required to take. He also turned around several other operations, including the company's flash headlines desk and was instrumental in the turnaround of Bloomberg's BGOV unit. He shares a patent for a content management system he helped design, is a Certified Scrum Master, and a veteran of the U.S. Marine Corps. He owns bitcoin, ether, polygon and solana.