As of yesterday, Iron Bank seized Alpha Homora’s lending user funds as ransom for not being happy about Homora’s current monthly payments for a bad debt resulting from a hack that happened in 2021. A lesson in how actions of centralised entitled bad actors can also happen in DeFi and hurt users funds.
In short, Homora is a leveraged yield farming protocol that allows for users to deposit their assets for lending to other users that want to open leveraged positions. To access more liquidity, the protocol deposits those funds to Iron Bank and takes loans to provide even more leverage to their liquidity positions.
A 2021 hack on Homora resulted in the loss of 30M USD in borrowed funds from the Iron Bank. The two protocols agreed on a repayment plan during the bull market that seemed favourable. Now in a bear market, those monthly payments are not enough for IB and in what can only be described as a childish fit, they upgraded Homora’s smart contract to disable withdrawals, effectively seizing 80M USD in Homora’s users’ funds as a ransom for the 30M USD they’re owed. They issued an ultimatum in which AH has until the 5th to repay this debt or they’ll liquidate using these same funds. Total misappropriation of user funds in the DeFi space, where it’s all meant to be trustless.
Alpha Homora has provided an update in a Twitter thread:
Users are confused and in disbelief, particularly those who deposited just days ago. I was greeted with this shit show today although luckily I was one of the borrowers, so no impact on me.
I’m all in on Defi, but I’m thinking, maybe we need another class of auditors that can read these contracts and warn us exactly of the things the wallets that can sign them can do. Contracts should be immutable for trustless to be a thing.