DeFi Cream Finance platform suffers second $25 million hack in six months
By Hannah Perez

The lending protocol suffered a flash loan attack that resulted in losses of more than $25 million. Cream Finance previously fell victim to a similar hack in February.

***

Cream Finance, a decentralized finance (DeFi) protocol based on Binance Smart Chain (BSC) and focused on loans, was the victim of a hack that has resulted in losses in excess of USD $20 million.

The Cream Finance developer team announced the hack this Monday via Twitter. According to the announcement, the hacker reportedly took advantage of a reentrancy (re-entry) bug in the token contract for AMP, a Consensys-backed digital collateral token listed on the platform.

“The C.R.E.A.M. v1 marketplace on Ethereum has suffered an attack, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH through re-entry into the AMP token contract,” they wrote, and assured:

“We have stopped the exploit by pausing bidding and lending on AMP. No other markets have been affected.”

At the time of editing this article, the loss of funds in the AMP and Ethereum cryptocurrencies totals USD $26.7 million, based on current prices.

Cream Finance suffers flash loan attack


According to research by blockchain security firm PeckShield, the unknown attacker used a flash loan before exploiting the re-entry bug. The firm, which led the initial analysis, detailed the hacker's steps in a tweet thread:

“The hacker makes a flash loan of 500 ETH and deposits the funds as collateral. Then, the hacker borrows 19M $AMP and makes use of the re-entry error to re-borrow 355 ETH within the $AMP token transfer. Then, the hacker autoloans the loan,” PeckShield explained. The hacker repeated this process several times to extract the funds.

Based on Ethereum, AMP is a token designed to secure payments on the digital payment network Flexa. The Amp token contract implements the ERC-777-based registry smart contract known as ERC-1820. Introduced in 2019, the ERC-1820 standard defines a universal registry contract where any address “can register which interface is supported and which smart contract is responsible for its implementation.”

The PeckShield team told media outlet Crypto Briefing that there could be a “risk of composability between Compound-based borrowing protocols and ERC-777-like tokens.”
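The ordering problem PeckShield describes can be seen in a small model, added here as an illustration and not taken from Cream Finance, Amp or PeckShield: a pool that pays out a hook-bearing token before recording the debt lets the recipient's hook borrow again against the same collateral, while recording the debt first makes the nested borrow fail the collateral check. The class names, the single-asset pool, the 75% borrow limit and the amounts are assumptions made for the example.

```python
# Toy model, constructed for illustration; not Cream's or Amp's contract code.

class HookToken:
    """ERC-777-like token: transfer() invokes a hook the recipient registered."""
    def __init__(self):
        self.hooks = {}      # recipient -> callback (stand-in for an ERC-1820 lookup)
        self.balances = {}

    def transfer(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount
        hook = self.hooks.get(to)
        if hook:
            hook(amount)     # recipient code runs before transfer() returns

class Pool:
    """Single-asset lending pool; borrow limit is 75% of deposited collateral."""
    def __init__(self, token, record_debt_first):
        self.token, self.record_debt_first = token, record_debt_first
        self.collateral, self.debt = {}, {}

    def limit(self, user):
        return self.collateral.get(user, 0) * 75 // 100

    def borrow(self, user, amount):
        if self.debt.get(user, 0) + amount > self.limit(user):
            raise ValueError("insufficient collateral")
        if self.record_debt_first:               # checks-effects-interactions
            self.debt[user] = self.debt.get(user, 0) + amount
            self.token.transfer(user, amount)
        else:                                    # external call before the state update
            self.token.transfer(user, amount)
            self.debt[user] = self.debt.get(user, 0) + amount

def run(record_debt_first):
    """Return (debt, limit, nested_borrow_rejected) for one borrow with a re-entering hook."""
    token = HookToken()
    pool = Pool(token, record_debt_first)
    pool.collateral["user"] = 1000               # constructed sample values
    rejected = []
    def hook(_amount):
        del token.hooks["user"]                  # re-enter only once
        try:
            pool.borrow("user", 700)             # nested borrow during the transfer
        except ValueError:
            rejected.append(True)
    token.hooks["user"] = hook
    pool.borrow("user", 700)
    return pool.debt["user"], pool.limit("user"), bool(rejected)

if __name__ == "__main__":
    print("debt recorded after transfer: ", run(False))
    print("debt recorded before transfer:", run(True))
```

With the debt recorded after the transfer, the account ends with debt above its limit; with the debt recorded first, the nested borrow is rejected and the debt stays within the limit.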

As a result of the event, both AMP and Cream Finance’s native token, CREAM, experienced a notable price drop. The former has collapsed 8% in the last 24 hours, trading at USD $0.054, while CREAM is trading at USD $163, down nearly 7%.


Its second hack in 2021

The respective teams at Cream Finance and PeckShield are still investigating the attack, though they indicated that a post-mortem will be conducted soon.

This is the second time in the last six months that this DeFi platform has been hacked. In February, Cream Finance lost about USD $37.5 million in what was then labeled as one of the largest flash loan hacking attacks.

Flash loan attacks, which have become very popular in 2021, take advantage of one of DeFi’s most controversial features: loans that don’t require collateral. Flash loans are blockchain-based loans in which large amounts of tokens are borrowed, used for some purpose, and repaid, all in the same transaction.

The latest attack on Cream Finance comes amid a growing wave of hacks on DeFi protocols, centralized platforms and other projects in the blockchain space. A few weeks ago we reported that the DeFi protocol PolyNetwork was hacked for USD $600 million. The centralized exchange Liquid Global also suffered an attack recently, with losses estimated at USD $90 million.


Sources: CoinDesk, Cointelegraph, Crypto Briefing, CoinDesk, archive

Version by Hannah Estefania Perez / DiarioBitcoin
