Cream Finance, a DeFi platform, was hacked, and $29 million was lost

Cream Finance, a DeFi platform, was hacked, and $29 million was lost

Cream Finance, a DeFi platform, was hacked, and $29 million was lost
twitter.com/CreamdotFinance

A DeFi borrowing and lending protocol, Cream Finance, got hacked and lost more than $29 million from its vaults. The hacker exploited the flaw in the company’s inclusion of amp token to the protocol.

This attack happened second time in their platform. First time when Cream Finance got hacked, they lost around $37.5 million which happened on February.  

Cream Finance is a decentralized lending and borrowing platform which operates on four different chains (Polygon, Ethereum, BSC & Fantom). The attack took place on Monday and cost the firm around $29 million in various cryptocurrencies.

A blockchain security and data analytics firm, Peckshield, said that the hack was carried out in a single transaction by exploiting the reentrancy bug which was in the amp cryptocurrency’s code.

The hacker was able to re-borrow assets during the transfer without having to update the first borrow. The hacker was able to obtain 418,311,571 amp (valued $25.1 million) and 1,308.09 Ethereum (valued $4.15 million) by repeating the exploit 17 times. The platform was audited by a cybersecurity and consulting firm, Trail Of Bits, before the attack.   

Cream announced that it had put a stop to the exploit by halting supply and borrowing on amp. The firm also stated that no other markets were impacted and an inquired report would be released in the near future.

Previous attack on Cream Finance

This attack is not a new to the Cream, as the firm suffered the same type of attack less than six months ago. Previously, the company lost around $37.5 million.

The hacker used the unreleased version of an Alpha Finance contract by exploiting the error in the code. After seizing the funds, the attacker transferred them to Tornado.cash, an Ethereum protocol that allows for private transactions.

Fortunately, no user fund was compromised in the first attack. However, it demonstrates that the DeFi ecosystem is extremely complicated, and that even minor protocol changes (such as introducing a currency or whitelisting another platform) can have a significant impact on future security.

Social share
Default image
Technology insight

Online Tech Magazine/Website where you will get all the latest news/articles/stories/reviews/unique perspective on modern technologies like Cryptocurrencies, Blockchain Technologies, NFTs, Artificial Intelligence, Deep Learning, Machine Learning, Quantum Computing and much more

Leave a Reply