Cream Finance, a decentralized finance (DeFi) protocol developed built around lending, has suffered a huge loss after a hacker stole almost $19 million from the platform. The flash loan hack was reported today after an unknown hacker managed to gain access to $18.8 million in the latest exploit of the Cream Finance protocol.
According to an investigation by PeckShield, a blockchain security firm, the attack was made possible through a reentrancy bug introduced by the Amp token. Cream Finance said in its announcement that the protocol had stopped the exploit by pausing supply and borrow contracts on the Amp token, adding that no other markets were impacted.
PeckShield explained that the hacker was able to exploit the Amp token by reborrowing assets as the transfer was being conducted. He or she was able to update the transfer to reborrow additional assets in 17 separate transactions, and PeckShield added, “The hacker makes a flash loan of 500 ETH and [deposited] the funds as collateral. Then the hacker [borrowed] 19M $AMP and [made] use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker [self-liquidated] the borrow.” The security firm also listed the hacker’s cryptocurrency address and added, “The funds are still parked in 0xCE1F….6EDE. We are actively monitoring this address for any movement.”
Amp, an Ethereum-based token, was designed to work as collateral for payments on the digital payments network Flexa. The digital token’s contract uses an ERC-77-based smart contract known as ERC-1820. The token was introduced in 2019, and, in accordance with the ERC-1820 standard, defines a universal registry smart contract where any address “can register which interface it supports and which smart contract is responsible for its implementation.”
Following the attack, Amp and Cream Finance’s native token, CREAM, saw their prices drop. Amp lost almost 13% in a 24-hour period and is now around $0.051908. CREAM is trading at $167, a dip of approximately 5% over the past 24 hours.
This isn’t the first time Cream has been involved in a high-profile hack. The Alpha Homora DeFI solution suffered a $37-million hack this past February that utilized Cream’s Iron Bank protocol-to-protocol lending platform. Some cryptocurrency exchanges have seen issues, as well. On Saturday, Bilaxy was the target of a major hot wallet hack that led to 295 ERC-20 tokens being compromised. Liquid, another cryptocurrency exchange, lost nearly $100 million in a hack that took place a little more than a week ago.
Read More: whichblockchain.com