Hackers stole $29 million from Cream Finance platform

On August 30, 2021, hackers stole over $29 million worth of crypto assets from the Cream Finance DeFi platform.

The first signs of an attack were recorded by PeckShield, a blockchain security company, and soon the developers of Cream Finance themselves confirmed what was happening.

"C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract. We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected," Cream representatives said on Twitter.

Experts write that an unknown hacker used a reentrancy attack against the flash loan function and eventually stole 418,311,571 AMP tokens from Cream Finance (at the time of the hack, about $25.1 million), as well as 1,308.09 ETH (approximately $4.15 million).

The term flash loan here refers to contracts on the Ethereum blockchain that allow Cream Finance users to take quick loans from the platform's funds and then return them.

Reentrancy attacks exploit flaws in these contracts that let an attacker trigger repeated withdrawals in a loop, before the original transaction is approved or rejected and the funds have to be returned.

The Record writes that the creator of the ZenGo cryptocurrency app and PeckShield have confirmed that the Cream Finance hack exploited an error in the ERC777 token contract interface that Cream Finance uses to interact with the underlying Ethereum blockchain.

"The hack became possible due to a reentrancy bug introduced by $AMP, which is an ERC777-like token and exploited to re-borrow assets during its transfer before updating the first borrow. Specifically, in the example tx, the hacker makes a flashloan of 500 ETH and deposits the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer(). Then the hacker self-liquidates the borrow. The hacker repeats the above process in 17 different txs and gains in total 5.98K ETH (with ~$18.8M). The funds are still parked in 0xCE1F….6EDE. We are actively monitoring this address for any movement," the PeckShield team described the process of the robbery.
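The pattern PeckShield describes, a borrow whose token transfer hands control to the borrower's ERC777 hook before the debt is recorded, as an added illustration that is not Cream Finance's code: the vulnerable ordering beside the checks-effects-interactions fix with a reentrancy guard. The contract names, the LIMIT constant and the omitted collateral accounting are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal token interface. An ERC777 token's transfer() additionally calls
// the recipient's tokensReceived hook before it returns.
interface IToken {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Simplified lending market (hypothetical; collateral accounting omitted).
contract VulnerableMarket {
    IToken public immutable token;
    mapping(address => uint256) public borrowed;
    uint256 public constant LIMIT = 1_000 ether; // hypothetical per-account cap
    constructor(IToken t) { token = t; }

    // BUG: the external transfer runs before borrowed[] is updated. An ERC777
    // transfer invokes the borrower's tokensReceived hook mid-call, so a
    // re-entrant borrow() still sees the pre-borrow balance and passes the check.
    function borrow(uint256 amount) external {
        require(borrowed[msg.sender] + amount <= LIMIT, "over limit");
        require(token.transfer(msg.sender, amount), "transfer failed");
        borrowed[msg.sender] += amount;   // effect recorded after the interaction
    }
}

contract HardenedMarket {
    IToken public immutable token;
    mapping(address => uint256) public borrowed;
    uint256 public constant LIMIT = 1_000 ether;
    uint256 private _entered; // 1 = not entered, 2 = entered
    constructor(IToken t) { token = t; _entered = 1; }

    modifier nonReentrant() {
        require(_entered == 1, "reentrant call");
        _entered = 2;
        _;
        _entered = 1;
    }

    // Checks-effects-interactions: record the debt before any external call,
    // and refuse re-entry outright so a token hook cannot call back in.
    function borrow(uint256 amount) external nonReentrant {
        require(borrowed[msg.sender] + amount <= LIMIT, "over limit");
        borrowed[msg.sender] += amount;   // effect first
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Either fix alone closes this particular window; applying both is the usual practice, since the guard also covers paths the ordering rule is later refactored around.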

Let me remind you that we recently reported that attackers stole $600 million from the Chinese DeFi platform Poly Network.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
