Alpha Finance Lab, an ecosystem of DeFi products, recently released a post-mortem report on the exploit in their Homora V2 product.
As per the company, they are “investigating with the relevant parties and will work with the authorities to trace the attacker.”
What Is The Homora V2 Exploit?
On Feb 13, 7:13 AM UTC, an attacker exploited Alpha Homora V2 using a series of complex transactions, which involved flash loans and drained away $37 million from their contracts.
“Dear Alpha community, we’ve been notified of an exploit on Alpha Homora V2. We’re now working with @AndreCronjeTech and @CreamdotFinance together on this. The loophole has been patched. We’re in the process of investigating the stolen fund, and have a prime suspect already.”
Apparently, the attacker used Alpha Homora to repeatedly borrow and lend with Iron Bank (Cream V2).
“This exploit is complicated, involving more than 9 transactions. We hope this thorough post mortem will not only be helpful to the Alpha community and our partners, but also to other projects and builders in DeFi.”
Currently, borrowing (new leveraged positions and borrowing more to the existing positions) is paused. However, lenders can still lend and leveraged yield farmers can still repay their debt, add collateral, and close the positions.
Cream Finance also tweeted that the Iron Bank exploit did not impact any of their other contracts:
“C.R.E.A.M. contracts and markets were investigated and found to be functioning as normal. Markets have been re-enabled across both V1 and V2.”
What’s Going To Happen Next?
The Alpha team will now work with Yearn’s Andre Cronje and the Cream team to find remedial action to resolve the debt. The team and security experts will continue to investigate this exploit further. Once the recheck and investigations are complete, Alpha Homora V2 and Iron Bank will continue to operate normally with “more leveraged pools, more lending assets, more features, and better improvement.” One should also note that the Homora V2 has gone through two audits by Quantstamp and PeckShield, and the company said that the company would work with more audit firms.
Overall, it looks like Alpha Finance Labs are looking at the whole incident with a positive disposition:
“This incident has helped us and will continue to help us bond stronger as a community, and we look forward to building a brighter and safer future.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.