The cryptocurrency exchange Cream Finance got hacked again to lose millions to the attacker. As it turns out, the attacker managed to exploit a bug in the platform that allowed pilfering money.
Cream Finance Exchange Hacked Again
The cryptocurrency exchange Cream Finance has suffered another cyber attack recently. This time, the attacker hacked Cream Finance to steal digital assets worth $130 million.
This incident first caught the attention of blockchain security firm PeckShield.
Soon after, SlowMist (the same that investigated the Poly Network crypto heist) also shared a detailed analysis of the incident.
Until then, Cream Finance hadn’t stated anything besides acknowledging an exploit. But they later confirmed the attack assuring the incident affected the “C.R.E.A.M v1 lending markets” only.
While it initially remained unclear how exactly the attacker managed the heist, the exchange later shared the details. As elaborated, the attacker exploited vulnerabilities that the exchange later patched. However, the damage was done, compelling Cream Finance to pause v1 lending on Ethereum.
While Cream Finance hasn’t yet explained how the incident happened, SlowMist has presented its analysis. Mentioning the “root cause” of the attack, it stated,
The contract of this attack is to use the flaws in the Cream lending pool to obtain the price of collateral, and malicious manipulation increases the price of its collateral, allowing the attacker to borrow more tokens from the Cream lending pool.
As per the latest update, the exchange has seemingly traced the stolen funds from the attacker’s wallet. However, it hasn’t got anything back yet.
Let’s see if things unfold the way it happened with Poly Network. Unfortunately, in the past, not many cryptocurrency platforms have successfully recovered the stolen amount from the attackers.
Besides, this isn’t the first cybersecurity incident with Cream Finance. It has at least suffered three times this year, including the latest attack that happened in August.
Let us know your thoughts in the comments.