Cream Finance, an Ethereum-based lending and borrowing protocol, has suffered a loan flash assault, losing over $130 million worth of ether and ERC-20 tokens.
According to Peckshield, a block security firm, threat actors exploited a security loophole in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their possession before splitting them through other wallets.
Following the assault, the value of the Cream LP tokens witnessed a substantial decline of 27 percent and is currently priced at around $111 (roughly Rs. 8,300), as per CoinGecko. The protocol that has over 72,000 followers on Twitter confirmed the attack and revealed that an investigation into the case is underway.
Additionally, the Cream Finance group is trying to negotiate with the hackers, offering to present them 10% of all of the tokens that had been lost. This is a known strategy that has paid off for some protocols which were exploited in the past.
Unfortunately, this is the third time Cream Finance suffered a loan flash attack this year, in August threat actors stole $29 million and another $37 million were stolen in February. However, this latest hack is the third-largest Defi hack in history.
According to a recent report released by CipherTrace, DeFi assaults are becoming very profitable for cybercriminals. The attacks accounted for 76% of all major hacks in 2021 and earned a profit of 361 million.
“By July 2021, DeFi-related hacks total $361 million, already making up three-quarters of the total hack volume this year—a 2.7x increase from 2020. DeFi-related fraud continues to rise, as well. At the time of this report, DeFi-related fraud accounted for 54% of major crypto fraud volume, whereas last year DeFi-related fraud only made up 3% of the year’s total,” states CipherTrace.
“The three hacks that Cream Finance has experienced are all related to flash loans, and the hackers from the [August attack] returned [most of] the stolen funds,” Sun Huang, general manager and vice president for security development operations at XREX Inc. stated. “This time we can expect the hacker to return as well, especially when the tracking technology for blockchain has become more mature and many could catch the hints and chase down attackers.”