Breaking Attack on CREAM Sees $37.5 Million Stolen

Share Article
In Brief
  • A flash loan exploit sees $37.5 million stolen.

  • CREAM token dumps 40% on a sell-off after the exploit.

  • Alpha Labs announced that the issue is patched.

  • promo

    Join the BIGGEST ICO ever launched in Spain: Buy B2M now.

The Trust Project is an international consortium of news organizations building standards of transparency.

Decentralized finance has come a long way over the last year, with new and innovative features constantly evolving and adapting to new projects and contracts. However exploits still occur, as was seen on Feb. 13.



Popular DeFi project CREAM saw a massive $37.5 million flash loan exploit take place on Saturday. While the story is still developing, the team announced the attack. They stated that they are working on a post mortem through relevant parties. 

It appears the exploit took place using Alpha Homora through the borrowing of sUSD from IronBank.



While just how the exploiter managed to continuously lend double the amount of funds, it appears that 13,200 WETH, 3.6 million USDC, 5.6 million USDT, and 4.2 million DAI have been taken by the perpetrator. 

Research analyst at The Block Igor Igamberdiev detailed on Twitter the process and how it unfolded: 

It is believed that Alpha Labs has patched the issue. And while the funds were exploited through Alpha Hamora, an Ethereum protocol for leveraging your position in yield farming pools, the funds were borrowed by the exploiter. 

Alpha Labs has since stated that they are working with YFI founder Andre Cronje and CREAM Finance to investigate the stolen funds. They say that a prime suspect has already been identified. 

CREAM Dumps on Attack

Following the exploit on Alpha Hamora, CREAM saw a 40% decline in price. It fell from $285 to $173. 

CREAM Price dropped 40% following the exploit. Source: Tradingview

As one of the deployers, the price suffered a dramatic drop before seeing some recovery. CREAM has announced that everything is functioning as normal. The team re-started markets, and a post mortem will follow.

Sign of the Times

This hack comes as the number of attacks rises with the bitcoin bull cycle. On Jan. 26, a hacker exploited a system vulnerability on SushiSwap using the Badger DAO token DIGG. The hacker made off with 81 ETH, worth approximately $103,842 at the time. 

Following a hack late in December 2020, Livecoin closed its doors permanently on Jan. 19. While the SushiSwap and Cream attacks seem to be simple exploits, the Livecoin case is different. The event looks to some to be an exit scam run by some of its principals. Technically, the event is interesting because the price of bitcoin on Livecoin reached $222,000 before the exchange shut down. Ethereum reached $6500 as well.

On Dec. 28, a white-hat hacker stole $3 million from Cover Protocol, only to return it a few hours later. In this case, the hacker used an infinite minting bug to create excess COVER tokens. 


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Related topics

Ryan is a Fintech specialist with a passion for cryptocurrencies and blockchain adoption. A keen trader and investor in the market since 2016, he enjoys keeping up to date with the latest developments within the industry while finding the next 100x altcoin.

Follow Author

Market signals, studies and analysis! Join our Telegram Today!


Bit2Me ICO JUST STARTED! Buy B2M token now.

Buy now!

Market signals, studies and analysis! Join our Telegram Today!