Cream Finance Loses $25 Million To A Flash Loan Attack

PeckShield reported through a tweet of the new hack on Cream Finance. The blockchain security company said a flash loan attack on the decentralized finance lending and borrowing protocol.

#FlashLoanAlert https://t.co/JPW7e368qd

— PeckShield Inc. (@peckshield) August 30, 2021

PeckShield explained that the hacking came through a 500 Ethereum flash loan from the attacker. This was used to infiltrate a reentrancy bug in the smart contract of the Flex Network. Usually, flash loans being undercollateralized can be borrowed and repaid within a single transaction.

Related Reading | Cryptocurrency Firms In Switzerland To Offer Tokenized Products On Tezos

As a DeFi protocol for lending, Cream Finance allows users to earn interest from their deposited assets. Though Cream Finance is a fork of the Compound protocol, its operation is quite different from Compound or Aave. The platform has several more markets for some esoteric digital assets.

1/4 @CreamFinance was exploited in (one hack tx: https://t.co/JPW7e368qd), leading to the gain of ~$18.8M for the hacker.

— PeckShield Inc. (@peckshield) August 30, 2021

This attack on Cream Finance was exploitation involving 1,308 Ethereum and over 418 million AMP, the native token of Flexa Network. According to PechShield, the Ethereum records reveal that over $6 million were hacked at 5:44 UTC.

Cream Finance Becomes Another DeFi Protocol Hacked In 2021

Furthermore, the Cream Finance team members confirmed the authenticity of the hacking reporting. Then, reporting on Discord Channel, the project’s official channel, the members started working with PeckShield.

The team revealed that the hacking was on the CREAM v1 market on the Ethereum Blockchain. Furthermore, they mentioned that it’s through the reentrancy of the contract on the AMP token.

At the time of writing, AMP’s value has dipped by 15% within few hours to $0.05. Also, the value of Cream Finance’s native token, CREAM, plummeted by about 6%.

However, ETH is at $3, 190.46 showing a slight dipping within the last 24 hours. The total amount of the Crean Finance hacking is more than $25 million. The address of the hackers shows that they presently have about $18.8 million.

Amidst the hack, Cream Finance is down by 6% | Source: CREAMUSD on TradingView.com

The Cream Finance team has put a stop to any further loss. The team said that it now has a pause on AMP’s supply and borrow. It further acknowledged that the hack doesn’t affect any other market. Eason Wu, the protocol’s production Manger, disclosed this information on Discord.

Recall that earlier in the year; Cream Finance had a huge hack. The attack led to the loss of $37.5 million worth of digital assets. According to the report, the earlier hacking had a root cause from the exploitation of Alpha Finance.

Related Reading | Reports Show 45% Surge In Stock And Cryptocurrency Sign-Ups Across Rural Areas In India

Flash loans have remained one of the controversial features of decentralized finance. This’s because there’s no collateral needed for the loans, and hence, they are susceptible to hacks. This accounts for the recent attacks and hacks of flash loans.

A similar incident is a hack on the Bilaxy crypto exchange on August 28. The exchange had a huge hot wallet hack that compromised about 295 ERC-20 tokens. Also, a hack on Liquid on August 19 resulted in a loss of about $100 million.

Featured image from Pixabay, chart from TradingView.com