One of the largest flash loan attacks hits Cream and Alpha Finance, Saturday morning. The attack drained a hooping sum of $37.5m according to Etherscan.
At press time, Cream Finance said through a tweet;
“We are aware of a potential exploit and are looking into this. Thank you for your support as we investigate”
Two hours later, Cream Finance revealed, its contract was functioning as normal” and markets had been enabled.
On the other hand, Alpha Finance said it’s Alpha Homora V2 product was the root cause. They confirmed that it is working with DeFi guru Andre Cronje and Cream Finance to investigate the incident and that the loophole had been fixed. It also said that they “have a prime suspect” in mind.
They went forward to say;
“We’re in the process of investigating the stolen funds and have a prime suspect already”
In a deleted tweet, Cream Finance said that asset borrowing from its recently launched Iron Bank lending feature had been suspended.
DeFi ecosystems has since been massively exploited. However, the major reason behind the attacks are presence of bugs on independent and third party contracts.
Concurrently, the best bet is a self hosted cold wallet like BC Vault and other secured cold wallets. Cold wallets helps users own their keys; remember, your keys are your coins. Therefore, if it is not your key, it is not your coin.