DeFi Platform Cream Finance Lost $29 Million Due to Hacking

Aug 31, 2021

DeFi Platform Cream Finance Lost $29 Million Due to Hacking

A hack of Cream Finance, a defi borrowing and lending protocol, resulted in the loss of more than $29 million from its vaults. The attacker took advantage of a loophole in the implementation for adding the amp token to the protocol. This is the second time that the platform has been hacked. Cream lost $37.5 million in the first hack, which occurred in February.

Cream Protocol Suffers Hack

Cream protocol, a decentralized lending and borrowing platform that operates on four distinct chains (Ethereum, BSC, Polygon, and Fantom), was hacked on Monday, resulting in the theft of $29 million in various cryptocurrencies. The attacker took advantage of a flaw in the protocol created by the addition of the amp token. According to Peckshield, a blockchain security and data analytics firm, the hack was carried out in a single transaction, using a reentrancy flaw in the amp currency's code.

The hacker was able to re-borrow assets throughout the transfer without having to update the original borrow. The hacker was able to obtain 418,311,571 amp (valued $25.1 million) and 1,308.09 ethereum (worth $4.15 million) by repeating the vulnerability 17 times. Prior to the introduction of the amp token, the platform has been examined by Trails Of Bits, a cybersecurity research and consulting organization.

Cream announced that it has put a stop to the exploit by halting supply and borrowing on amp. The procedure also said that no other markets were impacted and that a post-mortem report will be released at a later time.

Not the First Time

This isn't the first time Cream's website has been hacked. A breach on the site occurred less than six months ago, allowing the attacker to withdraw $37.5 million. Using an unpublished version of an Alpha Finance contract, another defi protocol, the hack took advantage of a rounding miscalculation in the code as well as a whitelisting function. After seizing the money, the attacker transferred them to Tornado.cash, an Ethereum protocol that allows for private transactions.

Fortunately, no user money was compromised in the initial breach. However, it demonstrates that the DeFi ecosystem is extremely complicated, and that even minor protocol changes (such as introducing a currency or whitelisting another platform) can have a significant influence on future security.

Subscribe Our Newsletter

Here’s What The Black Friday Carnage May Mean For The Stock Market’s Trade Monday, Analysts Say

Here’s What The Black Friday Carnage May Mean For The Stock Market’s Trade Monday, Analysts Say

The market crash on Black Friday, and the ensuing flight into assets that investors believe will perform better in the face of mobility constraints, has overshadowed the traditional focus on shopping on a day when consumers spend heavily before the Christmas holidays.

Read More
Omicron Threat Seen ‘as Short Term’ By Business Leaders: Commerce Secretary

Omicron Threat Seen ‘as Short Term’ By Business Leaders: Commerce Secretary

Omicron, the most recent coronavirus strain, has had a significant impact on some areas of the economy, resulting in workforce shortages and child care concerns, as well as reawakening some Americans' fear of leaving home again.

Read More

Liquidity Provider

Liquidity Risk
Let's find out what is the notion of liquidity risk, why should a trader get his orders executed instantly, and how to find and pick a reliable LP.

discover
What is the Difference Between Centralized and Decentralized Exchange?

Liquidity Provider

Liquidity Provider

What is the Difference Between Centralized and Decentralized Exchange?

The crypto market expands its borders, undergoing the transformation into a giant ecosystem. With the explosive growth in demand towards crypto-related services, the number of trading platforms is mushrooming.

Read More