Cream Finance protocol has $25.7 million in ETH and AMP stolen - 2nd attack in only 6 months

Cream Finance hit by a 2nd attack in 6 months

The last few weeks have been a fruitful time for attackers of decentralized finance (DeFi) protocols. The Cream Finance lending and borrowing protocol has just suffered a major attack encrypted at several million dollars.

According to the Cream Finance team, the attacker who exploited the flaw took nearly 418 million AMP tokens and 1,308 Ethers (ETH). At the time of the attack, the total amount recovered by the hacker was nearly $25.7 million. The Ethereum address identified as belonging to the hacker currently has $18.8 million.

To prevent further losses, the Cream Finance team has suspended all AMP token-specific functionality. It also states that other markets on the platform are not affected.

According to experts at PeckShield, a company specializing in crypto-security, the attacker managed to make a ” flash loan ” of 500 ETH, which were used to exploit a bug in the smart contract of Ampleforth and steal AMP tokens. As a reminder, flash loans are under-collateralized loans that are borrowed and repaid within the same transaction.

Specifically, the attack deposited ETH as collateral in the protocol, to borrow $19 million worth of AMP and use a reentrance bug to re-borrow 355 ETH with a smart contract feature. By repeating the operation 17 times, the attacker managed to accumulate a jackpot of 5,980 Ethers.

Since the revelations about the attack, the price of AMP has dropped nearly 15%, from $0.058 to nearly $0.050. As for theprice of the CREAM token, it has fallen by 6%, from $180 to $167.

This is not the first time that Cream Finance has been hit by such a major attack. Last February, the protocol also suffered a flash-loan attack and had the equivalent of $37.5 million in cryptocurrencies stolen.

Attacks against DeFi protocols are still as common as ever. Whether on Ethereum, Binance Smart Chain or other blockchains that are starting to develop a large ecosystem of applications, the risk is still as present as ever, and this despite the many security audits performed by specialized companies.

Related News – Over $600 million stolen from Poly Network protocol – The biggest crypto-hack of all time

About the author : Clément Wardzala

Cream Finance protocol has $25.7 million in ETH and AMP stolen - 2nd attack in only 6 months


Editor-in-Chief of Cryptoast, I discovered Bitcoin and blockchain technology in 2017. Since then, I’ve been striving to share qualitative content to make the industry more democratic for everyone.
All articles by Clement Wardzala.