- Hackers have compromised Cream Finance for the second time this year.
- The attack has resulted in a theft of over $18 million in altcoins.
- The price of Cream dives over 6% following the attack.
YEREVAN (CoinChapter.com) — Hackers have attacked Cream Finance, a decentralized lending protocol that enables individuals, financial institutions, and other protocols to borrow and lend capital.
According to a Twitter post by the company, the hackers stole 418,311,571 in digital collateral token AMP and 1,308.09 in Ethereum’s native asset ETH by employing a flash loan attack. A conservative estimate puts the total value of the stolen assets at $18.8 million. However, other sources claim the amount could reach $25 million.
This was the second flash loan attack on the network this year. In February, Cream Finance lost $37.5 million in an earlier one.
What happened to Cream Finance?
According to an investigation by blockchain security firm Peckshield, the hacker took advantage of a reentrancy bug introduced by the Amp (AMP) token.
The security firm said the hacker exploited the bug by re-borrowing assets during the token transfer, before the protocol had updated its record of the first borrow. The hacker then repeated the process in 17 separate transactions.
Explaining the process through an example, Peckshield tweeted:
“The hacker makes a flash loan of 500 ETH and deposits the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.”
Reacting quickly to the attack, Cream Finance clarified that the protocol had stopped the exploit by pausing supply and borrow contracts on the AMP token.
“No other markets were affected,” the DeFi network stated.
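The ordering flaw Peckshield describes, where the borrow is recorded only after a transfer that hands control to the recipient, is modelled below in Python with the vulnerable ordering beside the corrected one. This is an added illustration, not Cream Finance's or Amp's contract code; the `Market` and `HookedRecipient` classes, the 75% collateral factor and all amounts are assumptions constructed for the example.

```python
# Toy model (constructed): a lending market whose token transfer calls a hook
# on the recipient before the market has recorded the borrow.
class Market:
    COLLATERAL_FACTOR = 0.75      # assumed value for the toy model

    def __init__(self, cash, safe):
        self.cash = cash          # assets available to lend
        self.collateral = {}      # account name -> deposited value
        self.debt = {}            # account name -> recorded borrow
        self.safe = safe          # True: record the debt before transferring

    def deposit(self, who, amount):
        self.collateral[who.name] = self.collateral.get(who.name, 0) + amount

    def borrow(self, who, amount):
        limit = self.collateral.get(who.name, 0) * self.COLLATERAL_FACTOR
        if self.debt.get(who.name, 0) + amount > limit:
            raise ValueError("insufficient collateral")
        if self.safe:             # checks-effects-interactions: state first
            self._record(who, amount)
        self.cash -= amount
        who.on_receive(self, amount)   # external call made by the transfer
        if not self.safe:         # vulnerable ordering: state after the call
            self._record(who, amount)

    def _record(self, who, amount):
        self.debt[who.name] = self.debt.get(who.name, 0) + amount


class HookedRecipient:
    """Recipient whose transfer hook calls borrow() again, once."""
    def __init__(self, name):
        self.name, self.received, self.entered = name, 0, False

    def on_receive(self, market, amount):
        self.received += amount
        if not self.entered:
            self.entered = True
            try:
                market.borrow(self, amount)   # re-entry during the transfer
            except ValueError:
                pass                          # corrected ordering rejects it


def run(safe):
    """Return (total received, collateral limit) for one borrow at the limit."""
    market, user = Market(cash=1000, safe=safe), HookedRecipient("acct")
    market.deposit(user, 100)
    market.borrow(user, 75)
    return user.received, market.collateral["acct"] * Market.COLLATERAL_FACTOR
```

With the vulnerable ordering the account ends up holding twice its collateral limit; recording the debt before the transfer makes the nested call fail the collateral check.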
The DeFi loophole
Decentralized Finance (DeFi) is notorious for its loopholes. In the past months, hackers have compromised several DeFi platforms, raising questions about the safety of DeFi in general.
Central to all these attacks has been one of DeFi’s most innovative yet controversial features: loans that do not require collateral.
In essence, this blockchain innovation allows people to take out a loan for a specific transaction, because the borrower will return the funds immediately after the transaction is complete. Failing to do so results in the transaction being canceled.
Attackers use this otherwise innovative feature to re-borrow assets in a series of transactions, siphoning off funds in the process.
Cream Finance prices fall
Since news of the attack broke, the price of CREAM has fallen rapidly. In the last 24 hours alone, the token dived over 6.7 percent, reaching $161 at one point, an approximately 22% drop over the past two weeks.
CREAM is currently hovering around $163.
With the news coming in the wake of regular attacks on DeFi and cryptocurrency platforms, developers have to do a lot of work to prevent hackers from taking advantage. In the meantime, with two hacks in one year, Cream Finance’s reputation as a safe platform may stand compromised.