The cryptocurrency exchange Cream Finance got hacked again to lose millions to the attacker. As it turns out, the attacker managed to exploit a bug in the platform that allowed pilfering money.
Cream Finance Exchange Hacked Again
The cryptocurrency exchange Cream Finance has suffered another cyber attack recently. This time, the attacker hacked Cream Finance to steal digital assets worth $130 million.
This incident first caught the attention of blockchain security firm PeckShield.
#FlashLoanAlert https://t.co/XzAvHqoINN
— PeckShield Inc. (@peckshield) October 27, 2021
Soon after, SlowMist (the same that investigated the Poly Network crypto heist) also shared a detailed analysis of the incident.
BREAKING: Ethereum DeFi protocol @CreamdotFinance hacked for more than $130 million. According to SlowMist AML statistics, the hacker has profited a total of 2760.22 ETH and 60 tokens including HBTC, USDT, BUSD, etc. SlowMist will continue to monitor the transfer of stolen funds. pic.twitter.com/eLPMz3YEII
— SlowMist (@SlowMist_Team) October 27, 2021
Until then, Cream Finance hadn’t stated anything besides acknowledging an exploit. But they later confirmed the attack assuring the incident affected the “C.R.E.A.M v1 lending markets” only.
Our Ethereum C.R.E.A.M. v1 lending markets were exploited and liquidity was removed on October 27, 1354 UTC. The attacker removed a total of ~$130m USD worth of tokens from these markets, using this address: https://t.co/17sPIDpCmr
No other markets were impacted.— Cream Finance ? (@CreamdotFinance) October 27, 2021
While it initially remained unclear how exactly the attacker managed the heist, the exchange later shared the details. As elaborated, the attacker exploited vulnerabilities that the exchange later patched. However, the damage was done, compelling Cream Finance to pause v1 lending on Ethereum.
With the help of friends from @iearnfinance and others in the community, we were able to identify the vulnerabilities and patch them.
In the meantime, we've paused our v1 lending markets on Ethereum and we're in the process of putting together a post-mortem review.
— Cream Finance ? (@CreamdotFinance) October 27, 2021
While Cream Finance hasn’t yet explained how the incident happened, SlowMist has presented its analysis. Mentioning the “root cause” of the attack, it stated,
The contract of this attack is to use the flaws in the Cream lending pool to obtain the price of collateral, and malicious manipulation increases the price of its collateral, allowing the attacker to borrow more tokens from the Cream lending pool.
As per the latest update, the exchange has seemingly traced the stolen funds from the attacker’s wallet. However, it hasn’t got anything back yet.
We'd like to provide the community with an important update about #CRETH2:
‼️ The 12,266 CRETH2 that were stolen have been placed in a Uniswap v3 LP.
? Please DO NOT BUY and REMOVE all CRETH2 liquidity on DEXs.
— Cream Finance ? (@CreamdotFinance) October 29, 2021
Let’s see if things unfold the way it happened with Poly Network. Unfortunately, in the past, not many cryptocurrency platforms have successfully recovered the stolen amount from the attackers.
Besides, this isn’t the first cybersecurity incident with Cream Finance. It has at least suffered three times this year, including the latest attack that happened in August.
Let us know your thoughts in the comments.