DeFi liquidity protocol built on Solana, Crema Finance, was hacked on July 2, 2022, and has since temporarily suspended its services on the platform because of an $8,782,446 exploit.
Crema Finance is a liquidity protocol that enables investors to provide liquidity while earning high returns.
Following the exploit, the protocol suspended its smart contract.
How did the Crema hack take place?
An attacker was successful in creating a false tick account and evading Crema Finance’s checks. In the concentrated liquidity market maker (CLMM) algorithm, a tick account is used to store price tick data.
The hacker used a smart contract to lend a Solend flash loan to open positions on Crema.
The calculation of transaction fees in CLMM is primarily based on the data in the tick account. As a result, the attacker was able to modify the pool’s transaction fee and benefitted from a massive fee.
The stolen funds were then swapped for 69422.9 SOL and 6,497,738 USDCet through Jupiter and through the Wormhole Exchange, the funds were transferred to Ethereum network and converted to 6064 ETH through Uniswap.
The Crema team tweeted, “To minimize the impact, we suspended our smart contract after the exploit. We’ve been closely working with several experienced security institutes and relevant organizations to track the hacker’s fund movements.”
The Crema team has sent an on-chain message to the hacker’s Ethereum address, stating that the hacker has 72 hours to consider becoming a white hat, keeping the $800k bounty, and transferring the remaining funds.
Otherwise, Crema Finance announced that it would begin working with law enforcement and relevant organizations to track down the hacker.
Crema Finance has sought the support of OtterSec (@osec io), Solscan (@solscanofficial), and SolanaFM (@solanafm) to trace the movement of stolen funds following the exploit, and the hacker’s addresses have been blacklisted on both Solana and Ethereum.
Also Read: Harmony Protocol Hacker Moves Funds to Tornado Cash Mixer
