Share this article
DeFi Protocols Cream Finance, Alpha Exploited in Flash Loan Attack; $37.5M Lost
Alpha Finance says the "loophole" has been patched.
Updated Sep 14, 2021, 12:11 p.m. Published Feb 13, 2021, 1:52 p.m.
Decentralized finance protocols (DeFi) Cream Finance and Alpha Finance were victims of one of the largest flash loan attacks ever Saturday morning, resulting in a loss of funds totaling $37.5 million, according to transaction details on Etherscan.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
We are aware of a potential exploit and are looking into this. Thank you for your support as we investigate.
— Cream Finance 🍦 (@CreamdotFinance) February 13, 2021
Two hours later Cream Finance said its contracts were “functioning as normal” and markets had been enabled.
C.R.E.A.M. contracts and markets were investigated and found to be functioning as normal. Markets have been re-enabled across both V1 and V2.
— Cream Finance 🍦 (@CreamdotFinance) February 13, 2021
Post mortem to follow.
Alpha Finance then posted its own announcement, saying its Alpha Homora V2 product was the root cause. The company confirmed that it is working with DeFi guru Andre Cronje and Cream Finance to investigate the incident, and that the loophole had been fixed. It also said that they “have a prime suspect” in mind.
Dear Alpha community, we've been notified of an exploit on Alpha Homora V2. We're now working with @AndreCronjeTech and @CreamdotFinance together on this.
— Alpha Finance Lab (@AlphaFinanceLab) February 13, 2021
The loophole has been patched.
We're in the process of investigating the stolen fund, and have a prime suspect already.
Earlier, Cream Finance tweeted an update on the incident saying that asset borrowing from its recently launched Iron Bank lending feature had been suspended. That tweet has since been deleted.
This is the second attack on a DeFi protocol in the last two weeks. Cronje's Yearn Finance suffered an an exploit in one of its DAI lending pools, according to the decentralized finance protocol’s official Twitter account. That exploit drained $11 million.
.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
ETH, ADA, XRP Lead Gains as Bitcoin Edges Higher on Fed Rate Cut Expectations
Asian equities opened the week slightly higher ahead of a heavy run of central bank decisions, including a Federal Reserve meeting where markets have largely priced in a 25-basis-point rate cut.
What to know:
- Bitcoin traded above $91,300 as Asian equities opened higher, with markets anticipating a Federal Reserve rate cut.
- Bitcoin rose 2% in 24 hours, facing resistance near $94,000, while Ether gained 3% to $3,135.
- Despite crypto market gains, sentiment remains cautious, with potential for a deeper slowdown without new liquidity.
Top Stories
