Cream Finance loses $18.8 million in a flash loan attack


Choose your language:
Decentralised finance (DeFi) platforms have lost hundreds of millions of dollars to hackers over the last few months, and the situation continues to worsen.
DeFi lending protocol Cream Finance announced yesterday that it had suffered an exploit, resulting in a loss of nearly $19 million. In an official announcement yesterday, Cream Finance said the hacker exploited a weakness in the $AMP token contract to execute a flash loan attack.
C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract.
We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected.
— Cream Finance 🍦 (@CreamdotFinance) August 30, 2021

According to the developers, the protocol lost 418,311,571 AMP tokens and 1,308.09 ETH coins as a result of the attack. The total coins and tokens lost were worth $18.8 million. Following the attack, the Cream Finance developers have paused the AMP supply and borrow.
Cream Finance further announced that blockchain analysis firm PeckShield is currently conducting a postmortem of the attack. PeckShield has been sharing some of its findings with the cryptocurrency community.
PeckShield said the $AMP contract brought in a re-entrancy bug, providing the perfect environment for a flash loan attack. Flash loan attacks allow hackers to continue borrowing assets with little collateral. This is because they can continue to re-borrow the funds as long as they return them within the same transaction block.
PeckShield said with Cream Finance, the attacker carried out a flash loan of 500 ETH, deposited the funds as collateral and proceeded to withdraw the 19 million AMP tokens. The hacker went on to exploit the re-entrancy flaw in the $AMP contract to borrow an extra 355 ETH within the same AMP transaction before liquidating.
The analysis revealed that the hacker executed the attack over 17 transactions, stealing $18.8 million in the process. At the moment, it is unclear who the hacker is, but PeckShield is monitoring the receiving address for any movement.
Decentralised finance protocols have suffered numerous attacks since the start of the year. The biggest of them happened earlier this month, with Poly Network losing $611 million to a hacker.
However, the hacker had a change of mind and returned the funds to the protocol. The hacker was offered the role of the chief security advisor to the Poly Network project and a bounty of $500,000.
Keep updated with our round the clock and in-depth cryptocurrency news.
Unsub anytime
No SPAM ever!
After signing up, you may also receive occasional special offers from us via email. We will never sell or distribute your data to any third parties. View our privacy policy here.
Please be aware that some of the links on this site will direct you to the websites of third parties, some of whom are marketing affiliates and/or business partners of this site and/or its owners, operators and affiliates. We may receive financial compensation from these third parties. Notwithstanding any such relationship, no responsibility is accepted for the conduct of any third party nor the content or functionality of their websites or applications. A hyperlink to or positive reference to or review of a broker or exchange should not be understood to be an endorsement of that broker or exchange’s products or services.
Risk Warning: Investing in digital currencies, stocks, shares and other securities, commodities, currencies and other derivative investment products (e.g. contracts for difference (“CFDs”) is speculative and carries a high level of risk. Each investment is unique and involves unique risks.
CFDs and other derivatives are complex instruments and come with a high risk of losing money rapidly due to leverage. You should consider whether you understand how an investment works and whether you can afford to take the high risk of losing your money.
Cryptocurrencies can fluctuate widely in prices and are, therefore, not appropriate for all investors. Trading cryptocurrencies is not supervised by any EU regulatory framework. Past performance does not guarantee future results. Any trading history presented is less than 5 years old unless otherwise stated and may not suffice as a basis for investment decisions. Your capital is at risk.
When trading in stocks your capital is at risk.
Past performance is not an indication of future results. Trading history presented is less than 5 years old unless otherwise stated and may not suffice as a basis for investment decisions. Prices may go down as well as up, prices can fluctuate widely, you may be exposed to currency exchange rate fluctuations and you may lose all of or more than the amount you invest. Investing is not suitable for everyone; ensure that you have fully understood the risks and legalities involved. If you are unsure, seek independent financial, legal, tax and/or accounting advice. This website does not provide investment, financial, legal, tax or accounting advice. Some links are affiliate links. For more information please read our full risk warning and disclaimer.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Ripple, IOTA and NEM Could Continue Bearish Trend

Next Post

Ethereum price prediction: ETH looks to top resistance at $3,900

Related Posts