{"id":177628,"date":"2021-02-13T17:33:45","date_gmt":"2021-02-13T14:33:45","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/alpha-homora-loses-37-million-following-iron-bank-exploit\/"},"modified":"2021-02-13T17:33:45","modified_gmt":"2021-02-13T14:33:45","slug":"alpha-homora-loses-37-million-following-iron-bank-exploit","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/alpha-homora-loses-37-million-following-iron-bank-exploit\/","title":{"rendered":"# Alpha Homora loses $37 million following Iron Bank exploit"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3a1b2391ca1\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3a1b2391ca1\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/alpha-homora-loses-37-million-following-iron-bank-exploit\/#Protocol_Bailout\" >Protocol Bailout?<\/a><\/li><\/ul><\/nav><\/div>\n<p>&#8220;<strong># Alpha Homora loses $37 million following Iron Bank exploit <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDIvYTI3NDA3ZDYtN2M5YS00MTJjLWFhMGMtZTEwOWIwNTlhZmY1LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a>In one of the largest exploits of the DeFi era, this morning an attacker successfully drained over $37 million from Alpha Homora by leveraging Cream\u2019s Iron Bank protocol-to-protocol lending platform.\u00a0<\/p>\n<p>Alpha Finance Lab, whose protocol was audited by Quantstamp and Peckshield, announced on <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> this morning that they were aware of an attack, that the \u201cloophole\u201d that allowed it had been patched, and that the team had a \u201cprime suspect\u201d:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Dear Alpha community, we&#8217;ve been notified of an exploit on Alpha Homora V2. We&#8217;re now working with <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/AndreCronjeTech?ref_src=twsrc%5Etfw\">@AndreCronjeTech<\/a> and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CreamdotFinance?ref_src=twsrc%5Etfw\">@CreamdotFinance<\/a> together on this.<\/p>\n<p>The loophole has been patched. <\/p>\n<p>We&#8217;re in the process of investigating the stolen fund, and have a prime suspect already.<\/p>\n<p>\u2014 Alpha Finance Lab (@AlphaFinanceLab) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/AlphaFinanceLab\/status\/1360535699368251394?ref_src=twsrc%5Etfw\">February 13, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>The transaction from the exploit is notably <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0x745ddedf268f60ea4a038991d46b33b7a1d4e5a9ff2767cdba2d3af69f43eb1b\">complex<\/a>. The attacker used Alpha Homora to borrow and lend repeatedly with Iron Bank, which allows for leveraged lending. Some analysts have speculated that a faked \u201cspell\u201d (Alpha\u2019s branded term for a smart contract) is what enabled the exploit:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">That contract is a faked Alpha Homora spell, Alpha Homora&#8217;s system thought it was one of their own;<\/p>\n<p>That &#8220;contract&#8221; is &#8220;owned&#8221; by Alpha <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/5OHlWh9Mi1\">pic.twitter.com\/5OHlWh9Mi1<\/a><\/p>\n<p>\u2014 Arrundai (@arrundai) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/arrundai\/status\/1360542012580110345?ref_src=twsrc%5Etfw\">February 13, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>This \u201cfake spell\/contract\u201d exploit conceptually echoes the \u201cevil jar\u201d attack on Pickle Finance that netted an attacker $20 million late last year. In both cases, the exploited protocols errantly responded to faked contracts.\u00a0<\/p>\n<p>Shortly after the successful exploit, the attacker \u201ctipped\u201d the Alpha and Iron Bank deployers 1,000 Ether each, and also made a Gitcoin donation. <\/p>\n<p>Cream Finance said in a statement on Twitter that the Iron Bank exploit did not impact any of their other contracts, and that their money markets were functioning normally:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">C.R.E.A.M. contracts and markets were investigated and found to be functioning as normal. Markets have been re-enabled across both V1 and V2. <\/p>\n<p>Post mortem to follow.<\/p>\n<p>\u2014 Cream Finance  (@CreamdotFinance) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CreamdotFinance\/status\/1360526962582691840?ref_src=twsrc%5Etfw\">February 13, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Protocol_Bailout\"><\/span>Protocol Bailout?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The question now turns to how users will be compensated in the event the protocols cannot pressure their \u201cprime suspect\u201d into returning the funds.\u00a0<\/p>\n<p>The Yearn.Finance team and MakerDAO set a precedent with \u201cDAOs bailing out DAOs\u201d last week when MakerDAO allowed for the creation of a custom-built collateralized debt position from Yearn\u2019s newly-minted treasury. <\/p>\n<p>While the size of the exploit is larger than the $11 million Yearn suffered, some have speculated that Alpha will likewise print tokens to cover the loss \u2014 and some traders and institutions have already positioned themselves for such a dilution. <\/p>\n<p>Intrepid chain activity monitors noticed that Three Arrows Capital sent over $3 million in ALPHA tokens to Binance this morning, possibly with the intention of selling:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"tl\" dir=\"ltr\">3AC selling <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/search?q=%24Alpha&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$Alpha<\/a>? Oh man.. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/4xjlhZrIze\">pic.twitter.com\/4xjlhZrIze<\/a><\/p>\n<p>\u2014 Jason La Finance  (@Raez_x) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Raez_x\/status\/1360542616849375233?ref_src=twsrc%5Etfw\">February 13, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Currently, ALPHA, the governance token of the protocol which suffered the losses, is down 20% to $1.83; CREAM, the governance token of the protocol that enabled the exploit, is down 16% to $222; AAVE, the governance token of the protocol that the exploiter used for a flash loan, is down 2% to $505.\u00a0<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/alpha-homora-loses-37-million-following-iron-bank-exploit\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Alpha Homora loses $37 million following Iron Bank exploit &#8221; In one of the largest exploits of the DeFi era, this morning an attacker successfully drained over $37 million from Alpha Homora by leveraging Cream\u2019s Iron Bank protocol-to-protocol lending platform.\u00a0 Alpha Finance Lab, whose protocol was audited by Quantstamp and Peckshield, announced on Twitter&#8230;<\/p>\n","protected":false},"author":1,"featured_media":177629,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDIvYTI3NDA3ZDYtN2M5YS00MTJjLWFhMGMtZTEwOWIwNTlhZmY1LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[75186,74868,74891,74882],"class_list":["post-177628","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-dao","tag-defi","tag-ethereum","tag-hacks"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/177628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=177628"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/177628\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/177629"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=177628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=177628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=177628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}