News

Hackers stole $29 million from Cream Finance platform

On August 30, 2021, hackers stole over $29 million worth of crypto assets from the Cream Finance DeFi platform.

The first signs of an attack were recorded by PeckShield, a blockchain security company, and soon the developers of Cream Finance themselves confirmed what was happening.
C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract. We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected.Cream representatives said on Twitter.

Experts write that an unknown hacker used a reentrancy attack against the flash loan function and eventually stole 418,311,571 AMP tokens from Cream Finance (at the time of the hack, about $25.1 million), as well as 1,308.09 ETH (approximately $4.15 million).

The term flash loan in this case refers to contracts on the Etherium blockchain that allow Cream Finance users to take quick loans from the company’s funds and then return them.

Reentrancy attacks work by flawing these contracts and allowing an attacker to initiate a repeated withdrawal of funds in a loop (before the original transaction is approved or rejected and the funds have to be returned).

The Record writes that the creator of the ZenGo cryptocurrency app and PeckShield have confirmed that the Cream Finance hack exploited an error in the ERC777 token contract interface that Cream Finance uses to interact with the underlying Etherium blockchain.

The hack became possible due to a reentrancy bug introduced by $AMP, which is an ERC777-like token and exploited to re-borrow assets during its transfer before updating the first borrow. Specifically, in the example tx, the hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer(). Then the hacker self-liquidates the borrow. The hacker repeats the above process in 17 different txs and gains in total 5.98K ETHs (with ~$18.8M). The funds are still parked in 0xCE1F….6EDE. We are actively monitoring this address for any movement.the PeckShield team described the process of the robbery.

Let me remind you that we recently reported that Attackers stole $600 million from the Chinese DeFi platform Poly Network.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

1 day ago