Hackers Withdraw $18 Million from Cream Finance’s DeFi Protocol


Cream Finance reported that they were hacked and lost about $18 million in Ethereum. The lending platform was already subjected to a similar attack in February. 

August 30, 2021, | AtoZ Markets – The Cream Finance decentralized lending service was part of an attack that resulted in an attacker stealing 418 million Flexa Network (AMP) tokens and 1,308 ETH.

At the time of writing, over $18 million remained in the wallet of the hackers. The AMP token rate against the background of this news fell by 12%, and CREAM – by 6%.

 

Cream Finance hacked for the second time

The developers of Cream Finance announced that they were able to prevent greater damage from the attack by “stopping collateral and borrowing AMP.” They also stressed that the exploit did not affect other markets.

Blockchain security specialists PeckShield Inc. claim to have identified the root cause of the hack and offered assistance to the Cream Finance developers.

According to PeckShield, a hacker took out an unsecured ETH loan to exploit a “re-entry bug” in a Flexa Network smart contract. In total, he conducted 17 transactions, within which he received additional tokens due to the vulnerability, and then liquidated his own loans. The AMP token is used to secure payments on the Flexa Network. PeckShield also asked Cream Finance to contact them for troubleshooting assistance.

As a reminder, Cream Finance was attacked in February. Then the attackers were able to steal $37.5 million using a bug in the Alpha Finance smart contract.

This month, analysts at CipherTrace reported that $474 million was stolen due to hacks and fraud in the decentralized finance space. Despite developers’ best efforts to prevent vulnerabilities, DeFi projects continue to be regularly featured in hacker attacks.

More than $600 million was recently stolen from the Poly Network project. Subsequently, the organizer of the attack returned all the embezzled funds.

The crux of the problem lies not in lending platforms, but in unaudited smart contracts into which such loans are sent to exploit vulnerabilities,” notes CipherTrace.

Think we missed something? Let us know in the comment section below.

Share Your Opinion, Write a Comment