The DeFi protocol Cream Finance has to cope with another hacker attack, this time for more than 130 million US dollars. Most of the stolen funds were in Cream-LP and other ERC 20 tokens.
The series of huge DeFi hacks that have plagued the world of decentralized finance for months does not want to end. Now the team of Cream Finance caught, and not too close. In a tweet did the company confirmedto relieve various stocks worth around 130 million US dollars.
With the help of friends at @iearnfinance and others in the community, we were able to identify the vulnerabilities and patch them. In the meantime we have paused our v1 lending markets on Ethereum and we are in the process of putting together a post mortem report ”
says the tweet in question. The vulnerability was caused by PeckShield revealed. The blockchain security service identified a large flash loan transaction that was used to implement the security breach. According to blockchain records, $ 92 million was stolen from one address and $ 23 million from another address. From there, the funds apparently ended up in various other wallets and are now difficult to track.
Cream Finance has been the target of DeFi hacks several times
The stolen goods were mainly Cream-LP and other ERC-20 tokens. Cream LP tokens are bonuses for making deposits into the Cream pools. The price of Cream (CREAM) fell from $ 152 to $ 111 in minutes after the hack was announced, according to CoinGecko – a 27 percent drop. But were the security vulnerabilities known in advance?
Hackers have a playground at Cream Finance. Cream Finance needs to do better audits
writes one commentator on etherscan. The saying is certainly not a coincidence, as the protocol has been plagued by flash loan attacks several times in its history. It wasn’t until February that it lost $ 37.5 million and then another $ 18.8 million in August. This time the attacker himself left a rather cryptic message:
gÃTµ Baave lucky, iron bank lucky, cream not. ydev: incest bad, dont do.
This could be understood as an allusion to the DeFi lending platforms Aave and Iron Bank as well as Cream Finance. As if the attack attempts had failed with the first two. The current hack is according to one Ranking of Rekt the third largest ever. It should be noted that funds were returned in the two larger hacks. This brings the total amount of money stolen in DeFi attacks to over $ 500 million. Nine of the ten biggest DeFi hacks are from this year alone.