DeFi Hack: Cream Finance Lost $130M in a Flash Loan Attack

The team behind Cream Finance has confirmed that the decentralized finance (DeFi) lending and borrowing platform has lost $130 million in cryptocurrencies to hackers on Wednesday.

“Our Ethereum C.R.E.A.M. v1 lending markets were exploited and liquidity was removed on October 27, 1354 UTC,” the official Twitter handle of the DeFi platform wrote.

The attack was carried out using flash loans that do not require the borrowers to put up collateral as long as they pay back in a single block. Flash loan exploitation has become very common in breaching the securities of DeFi platforms.

The attacker siphoned $92 million worth of cryptocurrencies in one crypto address, while the other $23 million into another, along with some other small transactions. The funds, then, were moved to multiple other wallets. 

The attacker made a gain of around $117 million from the attack, according to security firm Peckshield.

Most of the stolen funds were in Cream LP tokens and other ERC-20 tokens. The incident also pushed the dollar value of CREAM drastically down by more than 25 percent in the last 24 hours.

The team behind the DeFi project has assured us that they are now identifying the vulnerabilities in the protocol and patching them up.

With the help of friends from @iearnfinance and others in the community, we were able to identify the vulnerabilities and patch them.

In the meantime, we’ve paused our v1 lending markets on Ethereum and we’re in the process of putting together a post-mortem review.

— Cream Finance 🍦 (@CreamdotFinance) October 27, 2021

One of the Largest DeFi Hack

The latest attack on Cream Finance is the third-largest attack in terms of the fiat value stolen funds on any DeFi platform. However, this is not the first attack on the lending platform.

By the end of August, the platform lost more than 418 million AMP, which is Flexa Network’s native token, and an additional 1,308 Ethereum in another attack. At the time of the theft, the value of the cryptos was around $25 million. The platform lost another $37.5 million in a flash loan attack in February.

Source: Read Full Article

click fraud detection