BREAKING: Cream Finance appears to have suffered major loss in flash loan hack

Oct 27, 2021 | CoinTelegraph News | 0 comments

Malicious actors continue to target decentralized finance projects for their exploits. On Wednesday, a major DeFi lending platform suffered a flash loan attack.

Decentralized lending platform Cream Finance appears to have suffered a severe exploit on Wednesday, with an attacker stealing over $100 million worth of funds through a large flash loan attack. 

Blockchain data analytics company PeckShield first identified the flash loan on Wednesday. The compromised funds were mainly Cream liquidity provider tokens, as well as other Ethereum-based tokens.

During a flash loan attack, an attacker exploits vulnerable smart contracts in order to create their own arbitrage opportunity. Typically, this is done by modifying the relative value of a trading pair by flooding the contract using their loaned tokens.

Cream Finance has been routinely targeted by attackers, as evidenced by the $19-million flash loan hack of the protocol in August. As Cointelegraph reported at the time, the attack was facilitated by a reentrancy bug introduced by the Amp cryptocurrency, an Ethereum-based token designed to collateralize digital payments on Flexa. At the time of writing, Cream’s total value locked (TVL) was worth over $1.5 billion, according to industry sources. 

Cream Finance TVL. Source: Defillama

Cream Finance’s forums appear to have been pulled in the wake of the attack, though the protocol did notify its Twitter followers that the flash loan is being investigated. The Twitter thread is filled with angry responses about Cream’s poor track record when it comes to safeguarding user funds. 

Related: Hackers exploit MFA flaw to steal from 6,000 Coinbase customers — Report

While decentralized finance, or DeFi, has been lauded for revolutionizing traditional finance and promoting financial inclusion, the industry’s track record regarding consumer protection has been shoddy. A comprehensive list of DeFi attacks reveals 63 exploits as of Sept. 16, with the lost funds totaling roughly $1.2 billion, according to CryptoSec. The latest exploit of Cream Finance would be one of the largest.

The value of Cream Finance’s CREAM token crashed amid the news, falling more than 26% to $115.47, according to Cointelegraph Markets Pro.

News Source from CoinTelegraph.com

Related Articles

An updated look at DeFi audits and bug bounties

An updated look at DeFi audits and bug bounties

Quick Take As DeFi continues to grow, exploiting smart contracts will become more and more lucrative While hacks are inevitable, reasonable efforts can be made to ensure that the likelihood of their occurrences is kept at a minimum Smart contract audit firms are...

Pin It on Pinterest

Share This