This is the second attack on the platform. The first time Cream Finance was hacked, in February, it lost around $37.5 million.
Cream Finance is a decentralized lending and borrowing platform that operates on four different chains (Polygon, Ethereum, BSC & Fantom). The attack took place on Monday and cost the firm around $29 million in various cryptocurrencies.
PeckShield, a blockchain security and data analytics firm, said that the hack was carried out in a single transaction by exploiting a reentrancy bug in the amp cryptocurrency’s code.
The hacker was able to re-borrow assets during the transfer, before the first borrow had been updated. By repeating the exploit 17 times, the hacker obtained 418,311,571 amp (valued at $25.1 million) and 1,308.09 Ethereum (valued at $4.15 million). The platform had been audited by a cybersecurity and consulting firm, Trail of Bits, before the attack.
Cream announced that it had put a stop to the exploit by halting supply and borrowing on amp. The firm also stated that no other markets were impacted and that an inquiry report would be released in the near future.
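The re-borrow described above can be reproduced in a small Python model. This is an added example, not code from Cream Finance, amp or PeckShield: the token that calls back to the recipient during a transfer, the pool, the borrower and all amounts are constructed assumptions, and the model only contrasts paying out before recording the debt with recording the debt first.

```python
class CallbackToken:
    """Constructed token that calls the recipient during transfer (assumption)."""
    def __init__(self):
        self.balances = {}
    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        if hasattr(recipient, "on_receive"):
            recipient.on_receive(amount)  # control passes to the recipient mid-transfer

class LendingPool:
    """Hypothetical pool; effects_first selects the order of bookkeeping and payout."""
    def __init__(self, token, liquidity, effects_first):
        self.token, self.effects_first = token, effects_first
        self.debt, self.limit = {}, {}
        token.balances[self] = liquidity
    def borrow(self, borrower, amount):
        # Check: recorded debt plus this loan must fit the borrower's limit.
        if self.debt.get(borrower, 0) + amount > self.limit.get(borrower, 0):
            raise PermissionError("borrow limit exceeded")
        if self.effects_first:
            # Hardened ordering: record the debt, then hand out the tokens.
            self.debt[borrower] = self.debt.get(borrower, 0) + amount
            self.token.transfer(self, borrower, amount)
        else:
            # Weak ordering: the callback runs while recorded debt is still stale.
            self.token.transfer(self, borrower, amount)
            self.debt[borrower] = self.debt.get(borrower, 0) + amount

class ReenteringBorrower:
    """Constructed recipient that asks to borrow again from inside the callback."""
    def __init__(self, pool, rounds):
        self.pool, self.rounds = pool, rounds
    def on_receive(self, amount):
        if self.rounds > 0:
            self.rounds -= 1
            try:
                self.pool.borrow(self, amount)
            except PermissionError:
                pass  # nested borrow rejected by the limit check

def run(effects_first, limit=100, rounds=4):
    token = CallbackToken()
    pool = LendingPool(token, liquidity=10_000, effects_first=effects_first)
    borrower = ReenteringBorrower(pool, rounds)
    pool.limit[borrower] = limit
    pool.borrow(borrower, limit)
    return token.balances[borrower]  # tokens paid out against a limit of `limit`
```

With the weak ordering, every nested call passes the limit check because no debt has been written yet; with the debt recorded first, the nested call fails the same check and the payout stays at the limit.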
Previous attack on Cream Finance
This kind of attack is not new to Cream, as the firm suffered the same type of attack less than six months ago. Previously, the company lost around $37.5 million.
The hacker exploited an error in the code of an unreleased version of an Alpha Finance contract. After seizing the funds, the attacker transferred them to Tornado.cash, an Ethereum protocol that allows for private transactions.
Fortunately, no user funds were compromised in the first attack. However, it demonstrates that the DeFi ecosystem is extremely complicated, and that even minor protocol changes (such as introducing a currency or whitelisting another platform) can have a significant impact on future security.