Cream Iron Bank $36M Flash Loan Attack: Markets Re-Enabled While Asset Borrow Is Paused
Following the Cream Iron Bank flash loan attack, preliminary findings of a probe have shown that contracts and markets still function normally. As a result, markets have now been re-enabled while the asset borrowing function has been paused. The Cream team also reveals that investigations are continuing.
After the exploit, the value of the Cream protocol token plummeted from just over $280 on February 12 to $186.48 24 hours later. At the time of writing, Messari data shows that the token had recovered although it has remained mostly under $230.
Meanwhile, in his analysis of the exploit, researcher Igor Igamberdiev reveals that the attacker(s) had “used Alpha Homora for borrowing Synthetix stablecoin from Ironbank.” He adds that “each time they (would) borrow twice as much as in the previous one.” The attacker(s), did this through two transactions and whenever they lend the funds back into Ironbank they would receive Yearn Synthetix stablecoin.
According to Igamberdiev, the attacker(s) had at some point secured a 1.8 million USDC flash loan from Aave v2. This flash loan was then swapped with Synthetix stablecoin for onward lending to Ironbank.
Using similar tactics, the attacker(s) would take out an even bigger loan. In his Twitter thread, Igamberdiev explains:
Also, a $10 million flash loan is taken, which is also used to increase the number of Yearn Synthetix stablecoin. In the end, the number of their Yearn Synthetix stablecoin reaches an incredible amount, which allows them to borrow anything from Iron bank.
Consequently, the attackers went on to borrow stablecoins valued at $13.4 million as well as wrapped ETH valued at over $23 million.
At the time of writing, it had been revealed that the debt resulting from the attack “will not be between users and Alpha Homora.” Instead, it will be Alpha Homora and Iron Bank that will have to “find a solution that resolves the debt between the two protocols.”
What do you think needs to be done to prevent future flash loan attacks? You can tell us what you think in the comments section below.