The joint investigation shows that the hackers needed inside information to carry out the attack. And given the scope of the protocol and the audit company involved, there are several possible insiders.
Written by: rekt
Translation: The Way of Defi
The dark arts of DeFi are still the most profitable.
Below is one of the most dramatic stories we have encountered so far.
A story of false magic, confusion and accusations that led to the biggest DeFi hack to date.
Approximately $37.5 million in funds was stolen in a complex DeFi deception. The attack used multiple transactions to raid Alpha Finance’s vaults, and many people believed that Cream’s Iron Bank was affected.
The murder took place in a hall of mirrors. The increasingly intertwined nature of DeFi protocols, coupled with the complexity of the attack, left the community confused as to who the real victims were and who should be responsible for compensation.
The attacker’s contract made the Homora code treat the malicious contract as one of its own, with the goal of manipulating the amount of internal debt in the system.
This was a private battle between the protocol and the attacker. The contract being exploited had not been announced or made available to users, which means they were not directly affected. We have not seen such a blatant inside job before; Alpha Finance quickly pointed out that they had found a “primary suspect.”
If the contract is not ready yet, why deploy on the mainnet?
In the chaos, the big players acted quickly to protect their capital. SBF withdrew US$400 million worth of FTT from Cream Finance, and Three Arrows Capital sent more than US$3 million worth of ALPHA tokens to Binance, possibly for the sole purpose of selling them.
The value of every token connected to this attack declined.
Alpha Homora governance token ALPHA fell from $2.25 to $1.78.
Iron Bank governance token CREAM fell from US$288.32 to US$193.51.
AAVE, which provided the flash loan facility required for this attack, saw its governance token fall from $518 that day to a low of $492.
However, token pricing is not the most interesting aspect of this story.
The Alpha Finance team released an excellent investigation report, and their findings were striking. The results of our joint investigation show that the level of corruption is much worse than expected.
It remains to be seen whether Alpha Finance will make their allegations public, but their initial statement about a main suspect indicates that consequences are coming.
From the official investigation report, we can see that the attacker needed to know the following in order to carry out the attack:
HomoraBankV2 had deployed an sUSD pool for the upcoming version, which was neither available in the UI nor publicly announced;
There was no liquidity in the sUSD lending pool, so the attacker could fully manipulate and inflate the total debt amount and the total debt share;
There was a rounding error in the borrow function’s share calculation, which only has an effect when the attacker is the sole borrower;
The resolveReserve function can increase totalDebt without increasing totalDebtShare. In fact, anyone can call this function, which is used to collect income into the reserve pool;
HomoraBankV2 accepts any custom spell, as long as the invariant check collateral > borrow passes (similar to a strategy in Yearn).
Under the gaze of so many users, the robbers left clear clues. In a rare counterattack, the victim singled out the attacker.
The above requirements show that inside information was needed to carry out this attack. However, given the scope of the protocol and the audit company involved, there are several possible insiders.
rekt is no longer in the business of accusations, but we look forward to seeing how Alpha Finance handles this situation.
The following is what Alpha Finance stated:
1. The attacker created an evil spell (equivalent to a Yearn strategy) https://etherscan.io/tx/0x2b419173c1f116e94e43afed15a46e3b3a109e118aba166fcca0ba583f686d23
2. The attacker exchanges ETH for UNI and provides ETH+UNI to the Uniswap pool (to obtain ETH/UNI LP tokens). In the same transaction, exchange ETH->sUSD on Uniswap and deposit sUSD into Cream’s Iron Bank (getting cysUSD) https://etherscan.io/tx/0x4441eefe434fbef9d9b3acb169e35eb7b3958763b74c5617b39034decd4dd3ad
3. Use the evil spell to call execute on HomoraBankV2, executing: borrow 1000e18 sUSD, deposit UNI-WETH LP in WERC20, and use it as collateral in the process (bypassing the collateral > borrow check). The attacker owns 1,000e18 sUSD debt share (because the attacker is the first borrower) https://etherscan.io/tx/0xcc57ac77dc3953de7832162ea4cd925970e064ead3f6861ee40076aca8e7e571
4. Use the evil spell again to call execute on HomoraBankV2, executing: repay 100000098548938710983 sUSD (the actual debt with accrued interest is 100000098548938710984 sUSD), so that the repaid share is 1 less than the total share. As a result, the attacker now has 1 wei of sUSD debt and 1 share of debt. https://etherscan.io/tx/0xf31ee9d9e83db3592601b854fe4f8b872cecd0ea2a3247c475eea8062a20dd41
5. Call resolveReserve of the sUSD bank, resulting in 19709787742196 debt, while totalShare is still 1. Current state: totalDebt = 19709787742197, and totalShare = 1 https://etherscan.io/tx/0x98f623af655f1e27e1c04ffe0bc8c9bbdb35d39999913bedfe712d4058c67c0e
6. Use the evil spell again to call execute on HomoraBankV2, executing (repeated 16 times, with the borrowed amount doubling each time): borrow 19,709,787,742,196 USD and transfer it to the attacker (doubling each time, because totalDebt doubles with each successful borrow). Each borrow is 1 less than the totalDebt value, so the corresponding borrow share = 0, and the protocol treats it as a debt-free borrow. At the end of the transaction, the attacker deposited 19.54 sUSD into Cream’s Iron Bank. https://etherscan.io/tx/0x2e387620bb31c067efc878346742637d650843210596e770d4e2d601de5409e3
7. Continue this process: use the evil spell again to call execute on HomoraBankV2, executing (repeated 10 times, doubling the borrowed amount each time). At the end of the transaction, the attacker deposited 1321 sUSD into Cream’s Iron Bank. https://etherscan.io/tx/0x64de824a7aa339ff41b1487194ca634a9ce35a32c65f4e78eb3893cc183532a4
8. Borrow 1,800,000 USDC through an Aave flash loan, then convert the 1,800,000 USDC into 1770757.5625447219047906 sUSD and deposit it in Cream, so that the attacker has enough liquidity to borrow with the custom spell, and continue doubling the sUSD borrow from 1322.70 sUSD to 677223.15 sUSD (10 times in total). Swap 1353123.59 sUSD for 1374960.72 USDC and borrow 426659.27 USDC from Cream (because the attacker deposited sUSD in step b) https://etherscan.io/tx/0x7eb2436eedd39c8865fcc1e51ae4a245e89765f4c64a3200c623f676b3912f9
9. Repeat step 8, this time with about 10 million USDC. https://etherscan.io/tx/0xd7a91172c3fd09acb75a9447189e1178ae70517698f249b84062681f43f0e26e
10. Repeat with 10 million USDC. https://etherscan.io/tx/0xacec6ddb7db4baa66c0fb6289c25a833d93d2d9eb4fbe9a8d8495e5bfa24ba57
11. Borrow 13244.63 WETH + 3.6 million USDC + 5.6 million USDT + 4.26 million DAI, supply the stablecoins to Aave (to obtain aTokens, so that the USDC and USDT cannot be frozen), and supply the aDAI, aUSDT and aUSDC to the Curve a3Crv pool. https://etherscan.io/tx/0x745ddedf268f60ea4a038991d46b33b7a1d4e5a9ff2767cdba2d3af69f43eb1b
12. Add the a3Crv LP tokens to Curve’s liquidity gauge https://etherscan.io/tx/0xc60bc6ab561af2a19ebc9e57b44b21774e489bb07f75cb367d69841b372fe896
13. The remaining transactions send funds to Tornado Cash and Gitcoin Grants, and 1,000 ETH each to the deployer addresses of Cream and Alpha.
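As an added illustration (not Alpha Homora’s code and not part of Alpha Finance’s statement), the following Python model replays the share accounting behind the prerequisites listed earlier and steps 3 to 6 above: a lone first borrower repays one wei short and keeps a single share, resolveReserve raises totalDebt without minting shares, and each subsequent borrow of totalDebt minus one rounds down to zero shares. The accrued-interest figure is constructed; the reserve amount is the one quoted above; the round-up variant is a common mitigation for this class of rounding bug, included for comparison.

```python
# Constructed model of share-based debt accounting as the post-mortem describes it.
# Added illustration, not Alpha Homora's code. Amounts are in wei of the borrowed token.

def ceil_div(a: int, b: int) -> int:
    return -(-a // b)

class DebtPool:
    def __init__(self, round_up: bool = False):
        self.total_debt = 0       # total owed; grows with interest and reserve income
        self.total_share = 0      # debt shares outstanding
        self.round_up = round_up  # True: hardened rounding in borrow()

    def borrow(self, amount: int) -> int:
        """Mint debt shares for `amount`; returns the shares minted."""
        if self.total_share == 0:
            share = amount  # first borrower: one share per wei
        elif self.round_up:
            share = ceil_div(amount * self.total_share, self.total_debt)
        else:
            share = amount * self.total_share // self.total_debt  # floor: the flaw
        if self.round_up and share == 0:
            raise ValueError("borrow would mint zero debt shares")
        self.total_debt += amount
        self.total_share += share
        return share

    def repay(self, amount: int) -> int:
        """Burn debt shares for `amount` repaid (rounded down); returns shares burned."""
        share = amount * self.total_share // self.total_debt
        self.total_debt -= amount
        self.total_share -= share
        return share

    def resolve_reserve(self, amount: int) -> None:
        """Reserve income raises totalDebt without minting any shares."""
        self.total_debt += amount

def run_sequence(round_up: bool, rounds: int = 16):
    """Replay the accounting steps; returns (amount borrowed with zero shares, totalDebt, totalShare)."""
    p = DebtPool(round_up)
    p.borrow(1000 * 10**18)                 # lone first borrower (step 3)
    p.total_debt += 98_548_938_710_984      # constructed accrued interest
    p.repay(p.total_debt - 1)               # one wei short: 1 wei of debt, 1 share left (step 4)
    p.resolve_reserve(19_709_787_742_196)   # reserve income, figure from the post (step 5)
    zero_share_total = 0
    for _ in range(rounds):                 # step 6: doubling borrows
        amount = p.total_debt - 1           # always one less than totalDebt
        if p.borrow(amount) == 0:           # floor rounding: debt grows, but nobody owes it
            zero_share_total += amount
    return zero_share_total, p.total_debt, p.total_share
```

With floor rounding the 16 borrows mint no shares at all; with ceiling rounding every borrow mints at least one share, so totalShare tracks totalDebt and the zero-share path never opens.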
This story is unique and suspicious.
When it comes to white hat/black hat activity, we always enjoy watching the roles reverse, but we rarely see a victim accuse the attacker so clearly.
Andre Cronje, who facilitated the collaboration between Yearn and Alpha Homora a few weeks ago, wrote of the attack:
“Take some time to study this attack, 9 transactions, 4 different manipulations, one of which includes precise debt calculations. It took the research team several hours to figure it out. Alpha immediately took measures to mitigate the vulnerability. The problem was solved within minutes after it was discovered.”
And Banteg’s reply is:
“This incident is absolutely crazy. It is impossible for anyone to just look at the contract, especially the unannounced things, to discover this.”
Perhaps this will lead to another Yearn acquisition. Cronje’s name is mentioned 4 times in the investigation report, and the pattern does seem familiar.
How long can the era of anonymous hackers last?
Since the list of possible suspects is very small, it is easier to exclude and track potential attackers. In this case, the list is even smaller than usual.
When dealing with code, “Don’t trust, verify” is an excellent slogan, but it does not stop the growing social paranoia. We are going through a period of unprecedented growth in cryptocurrency and DeFi, and during this period the cost of inaction is very high. The mental burden on DeFi developers grows day by day.
The empire is built on the lines of code, and the future of finance is before our eyes.
Developers are caught up in competition, while corrupt insiders help hackers work underground and dig holes in their foundations.
When one tower collapses, the other towers watch and learn. Before the dust settles, the crowd has already begun to move on, and the tough teams will return to the arena in search of greater strength.
How long can they last before the inevitable error causes their cloak of anonymity to fall?
Disclaimer: As a blockchain information platform, articles published on this site only represent the author’s personal views, and have nothing to do with ChainNews’ position. The information, opinions, etc. in the article are for reference only, and are not intended as or regarded as actual investment advice.