Cream Finance Hacked: $25M lost in flash loan attack

Share on facebook
Share on google
Share on twitter
Share on linkedin
A VPN is an essential component of IT security, whether you’re just starting a business or are already up and running. Most business interactions and transactions happen online and VPN

In the latest in the ongoing string of attacks on the DeFi sector, decentralised finance company Cream Finance hacked to the tune of over 25 Million USD.

Blockchain security company Peckshield reported the Cream Finance Hack on August 30 2021, saying the attack was a form of a 500ETH flash loan, which was used to exploit a bug in the smart contract of the Flex Network. Normally, loans which are under-collateralized can be borrowed and repaid in a single transaction.

Peckshied said The hack was made possible due to a reentrancy bug introduced by $AMP, which is an ERC777-like token and exploited to re-borrow assets during its transfer before updating the first borrow. Specifically, in the example tx, the hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer(). Then the hacker self-liquidates the borrow.

Cream Finance Hack confirmed – protocols in place to prevent further loss

The Cream Finance Hack was confirmed by the company, which also reported working with Peckshield on their Discord channel. The team said the hack was conducted on the CREAM v1 market on the Ethereum blockchain. Following the attack, the price of the AMP slipped 15% within a few hours, whilst the CREAM token sank around 6%.

The Cream Finance Hack is the latest attack on the growing DeFi sector, following attacks on the Poly Network, as well as Iron Finance and the Neko Network which we reported on previously which have all seen funds stolen in the last couple of months.

The Cream Finance team say they have now put protocols in place to prevent further losses, with a pause on AMP’s supply and borrowing. This isn’t the first Cream Finance Hack this year, with a huge attack earlier in the year seeing a loss of over $37.5M of digital assets.

Dylan Leighton

Dylan Leighton

Dylan Leighton is an composer, music producer, sound designer and mix engineer from the United Kingdom. Making music for over 40 years, he creates music for corporate clients, film and video, and his own personal enjoyment. Writing under the artist name Kalliste, he has composed in just about every genre, from hip-hop to funk to classical.

Leave a Replay

Sign up for our Newsletter

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit