Andre Cronje Suggests Aave Has a Major Vulnerability

Cronje suggested that Aave may be in a position similar to that of Cream Finance.

Andre Cronje Suggests Aave Has a Major Vulnerability
Image: Ivan Babydov

Key Takeaways

  • Yearn founder Andre Cronje has suggested that Aave may suffer from the same security vulnerability that recently plagued Cream Finance.
  • An Aave community proposal meant to address some potential risks has been approved.
  • While DeFi Twitter has been rife with biting comments, positivity remains.

Share this article

Some unsavory developments between DeFi communities have occurred in the past two days; however, it might be mostly noise.

DeFi War? Not So Much

Yearn founder Andre Cronje tweeted today that Aave (TVL of over $19 billion) users are vulnerable to many of the same risks that have recently troubled other protocols. He wrote: 

“Aave core after 24 hour defamation marathon on yearn for cream being exploited, while Aave is vulnerable to the same exploit… Tell me again how much better your security is.”

Cronje appears to be referring to the most recent attack on Cream Finance, which resulted in the loss of roughly $136 million in Cream funds via a flash loan attack two days ago. In August, Cream’s protocol lost $34 million, although $17.6 million of that was returned by the hacker. Cream (TVL of $1.35 billion) is part of Yearn’s ecosystem. Yearn has a TVL of $5.8 billion. 

When asked for comment, Aave founder Stani Kulechov referred Crypto Briefing to a recent Aave Twitter thread that sheds light on the situation. Financial modeling platform Gauntlet Network issued a proposal meant to mitigate possible risk in the Aave protocol. While concerns had been raised earlier this week by Aave community members, simulations run by the Gauntlet Network suggested that such attacks would result in a net loss for the attackers. The proposal passed.

Cronje did not immediately respond to a request for comments. However, today Yearn wrote in a tweet

“Yearn devs have been in war rooms with Aave and Cream from the start working together. We are assisting with identifying and fixing several issues. If you think we are at war, throw away your newspapers.” 

Perhaps to mitigate conflict and show support, Kulechov wrote early this morning in a tweet:

“Everyone in DeFi is in the same boat. We all want to make finance more fair, transparent and impactful to empower the next wave of users. Building DeFi is hard and communities have their differences. Lets work together, support each other and most importantly win together. WGMI [heart emoji].”

WGMI is crypto slang for “we’re going to make it,” and it is in contrast to NGMI (“not going to make it”). In fact, the hacker of the recent $134 million Cream attack received a message (via a transaction) from a user called “oilysirs.eth,” warning the attacker that they “are NGMI.”

Share this article