Cream Finance (CREAM) has suffered a fresh security breach, losing $18 million to hackers. The digital assets stolen by the attackers include wrapped ether and AMP tokens. Cream Finance claims the situation is now under control, according to a tweet on August 30, 2021.
Cream Finance Hacked Again
Cream Finance (CREAM), a decentralized lending protocol powered by the Ethereum smart contracts blockchain, has announced via Twitter that hackers have successfully orchestrated a flash loan attack on its network, stealing millions of dollars worth of cryptoassets.
According to a Twitter thread by the Cream Finance team, a DeFi protocol that released an audit report last January, the smart contracts in CREAM v1 market on Ethereum was exploited by the attackers via a reentrancy attack, gifting a total of 418,311,571 AMP token and 1,308.09 ETH to the perpetrators.
“C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract. We have stopped the exploit by pausing supply and borrowing features on AMP. No other markets were affected,” Cream tweeted.
For those who are unaware, in simple terms, reentrancy is one of the most common and destructive attacks on blockchain systems based on the Solidity programming language. In a reentrancy attack, the bad actor drains the funds in its victim’s smart contract by recursively calling the target’s withdraw function.
One Too Many
The decentralized finance (DeFi) space has seen exponential growth in recent years and this massive success has made DeFi protocols a juicy target for bad actors. In 2021 alone there have been countless attacks on DeFi protocols, with even some of the most sophisticated platforms falling victims.
As reported by BTCManager on August 10, 2021, Poly Network, a cross-chain DeFi protocol lost more than $600 million to hackers and the incident has been described as the largest DeFi heist yet.
While this is not the first time that Cream Finance is getting targeted by hackers, as the platform lost over $37 million via a flash loan heist last February, this latest incident has, however, attracted mixed reactions on Twitter, with some observers suggesting the protocol might have just orchestrated a rug pull.
Another day, another exit scam.
Do people really think they were exploited? This is the most common excuse in their book.
— Mr. Whale (@CryptoWhale) August 30, 2021
At press time, the price of Cream Finance naive CREAM token is down by 6.42 percent, hovering around $164.24, according to CoinMarketCap.