In Brief:
- Cream Finance has suffered a severe exploit with a hacker stealing nearly $19 million from its platform.
- According to PeckShield, The hacker managed to exploit the protocol through a reentrancy bug introduced by the Amp token.
Cream Finance, major decentralized finance (DeFi) protocol, suffered a severe exploit. The hacker stole nearly $19 million from the platform. The blockchain analysis firm PeckShield first investigated the hack.
Cream Finance announced on Twitter that the protocol has stopped the exploit by pausing supply and borrowing contracts on the Amp token. “No other markets were affected,” Cream Finance stated.
The unknown hacker managed to exploit the protocol through a reentrancy bug introduced by the Amp token. The exploit resulted in the loss of more than 418 million AMP and an additional 1,308 Ethereum.
The total value of the exploited digital tokens at the time of the attack was around $25 million. However, AMP prices immediately slumped by 15%. This took the dollar value of the exploit to $18.8 million, as of press time.
PeckShield specified that the hacker exploited the Amp token by reborrowing assets during its transfer. This was before he updated the first to borrow in 17 separate transactions.
Providing an example transaction, the security firm stated, “The hacker makes a flash loan of 500 ETH and deposits the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.”
Also Read: The Biggest Defi Hack: Poly Network Drained of $611M
“The funds are still parked in 0xCE1F….6EDE. We are actively monitoring this address for any movement,” PeckShield added, providing the hacker’s address.
The latest flash loan exploit comes amid the increasing amount of hacks and exploits among both centralized and decentralized cryptocurrency platforms.
