IronBank ($CREAM) was exploited on $37.5M, let’s take a quick look at what happened.👇

1/ Attacker used Alpha Homora for borrowing sUSD from IronBank.
Each time they borrow twice as much as in the previous one.
2/ They do this through two transactions and each time they lend the funds back into IronBank, receiving cySUSD.

3/ At some point exploiter took $1.8M USDC flash loan from Aave v2 and swapped USDC to sUSD using Curve.
4/ They lend these sUSD to IronBank, which allows them to continue borrowing and lending them, receiving cySUSD.

5/ Of course, some sUSD are spent on repayment of the flash loan.
6/ Also, a 10M USD flash loan is taken, which is also used to increase the number of cySUSD.

7/ In the end, the number of their cySUSD reaches an incredible amount, which allows them to borrow anything from IronBank.
8/ Then they borrow:
- 13.2k WETH
- 3.6M USDC
- 5.6M USDT
- 4.2M DAI
9/ Stablecoins have been deposited to Aave v2,
1k ETH to IronBank deployer,
1k ETH to Homora deployer,
220 ETH to Tornado,
100 ETH granted to Tornado
and almost 11k ETH remain on the exploiter balance.

https://etherscan.io/address/0x905315602ed9a854e325f692ff82f58799beab57
You can follow @FrankResearcher.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.