Ethereum DeFi Protocol Cream Finance Succumbs To $130 Million Flash Loan Hack

Cream Finance is the latest Ethereum DeFi protocol to suffer another hack. The attackers had used a flash loan attack and made away with $130 million. Cream Finance confirmed the attack via a Twitter post where the project revealed that they were investigating the cause of the hack. The exploit had exposed vulnerabilities in the […]
Cream Finance is the latest Ethereum DeFi protocol to suffer another hack. The attackers had used a flash loan attack and made away with $130 million. Cream Finance confirmed the attack via a Twitter post where the project revealed that they were investigating the cause of the hack. The exploit had exposed vulnerabilities in the […]

Cream Finance is the latest Ethereum DeFi protocol to suffer another hack. The attackers had used a flash loan attack and made away with $130 million. Cream Finance confirmed the attack via a Twitter post where the project revealed that they were investigating the cause of the hack. The exploit had exposed vulnerabilities in the protocol’s lending pools, which had to be shut down to protect users.

Fixing The Vulnerabilities

A follow-up tweet from the project had confirmed that the attackers had indeed made off with approximately $130 million from the hack. The hack occurred on October 27th at 13:54 UTC and impacted only the lending liquidity pools. All other markets were unaffected as it seemed the vulnerabilities were only present in these pools.

Related Reading | Tom Brady Bestows Bitcoin To Fan In Exchange For 600th Touchdown Football

Another tweet assured the community that the vulnerability had been patched with help from Yearn.Finance. V1 lending markets on Ethereum remain paused pending a post-mortem review from the team.

Nonetheless, this is a significant hack for the protocol. The funds were moved through 68 different assets on the protocol with the majority being Cream Liquidity Pool tokens and ERC-20 tokens. PeckShield, a blockchain security firm, had initially sounded the alarm to the hack. It drew the attention of the Cream Finance team to blockchain data that showed that over $130 million had been sent out to two different wallets.

Cream Finance identified the wallets where the perpetrator had transferred the tokens. Although there has been no mention of confirming the identity of the attackers. And given the track record of hacks in the crypto space, their identity will most likely remain anonymous.

Previous DeFi Hacks

This is not the first time Cream Finance has succumbed to an exploit on its protocol. As a matter of fact, this marks the third successful exploit on the Cream Finance protocol. The first hack had occurred in February this year when attackers successfully made away with $37.5 million worth of coins. Subsequently, the price of Cream had tumbled 20% as news of the hack made the rounds.

Related Reading | Grayscale Discount Hints At Spot Bitcoin ETF Denial

Then in August, Cream Finance had again suffered another hack. This time, the protocol lost $29 million to the attackers. The attackers had exploited a bug introduced when the amp token was introduced into Cream Finance’s protocol. Blockchain security firm Peckshield had also reported this exploit and called attention to the bug.

The latest Cream Finance is the third-largest DeFi exploit in history. Poly Network and Compound finance still hold the record for the 1st and 2nd highest DeFi exploit respectively. Following the hack, the price of CREAM tanked 27%. The digital asset is still struggling to recover as the community awaits further updates from the team.

DeFi total market cap chart from TradingView.com

Total DeFi market cap at $151 billion | Source: Crypto Total DeFi Market Cap on TradingView.com
Featured image from CryptoSlate, chart from TradingView.com