CREAM Finance suffers an exploit yet again as a flash loan attack allows hackers to siphon away more than $130 million.
Another Day, Another Attack
CREAM Finance got hit once again on Oct. 27 with a flash loan attack which allowed the hacker to steal over $130 million worth of tokens on the protocol’s Ethereum v1 lending markets, as the protocol announced on Twitter.
Peckshield Inc, a blockchain security and data analytics company, brought this hack to the community’s attention via a Twitter thread. The protocol has clarified that no other markets that it maintains have been impacted due to this hack.
“The hack is made possible due to a price manipulation bug in CREAM price oracle. And this bug allows directly transferred yDAI+yUSDC+yUSDT+yTUSD tokens to significantly increase yUSD pricePerShare, which allows for basically borrowing all funds in current lending pools. (..) The initial funds to launch the hack are withdrawn from @TornadoCash, and the resulting gains are transferred to (0x24354D31bC9D90F62FE5f2454709C32049cf866b). The hacker is still swapping via @paraswap and @Uniswap. We are actively monitoring this address for any movement.” elaborated Peckshield’s Twitter thread further.
In the meantime, the protocol paused their v1 lending markets on Ethereum and is putting together a post-mortem review of the incident.
As previously reported by BSC News, CREAM Finance’s v1 Ethereum lending market faced a flash loan attack earlier as well on August 30th, where $18 million was lost. The hack was possible due to a “reentrancy bug” that was introduced by the AMP token and was exploited to re-borrow assets during the transfer.
About CREAM Finance
CREAM Finance is a decentralized lending protocol made for individuals, institutions, protocols, and financial services. The lending protocol is a part of the Yearn Finance ecosystem. It is a permissionless, open-source, and blockchain agnostic platform that caters to users from the Ethereum, Binance Smart Chain (BSC), Polygon, and Fantom blockchain networks.
Find more about CREAM Finance here:
Website | Twitter | GitHub | Telegram | Medium | Blog | Discord | Kakaotalk |
Source : bsc.news
Founded in 2020, BSCNews is the leading media platform covering decentralized finance (DeFi) on the Binance Smart Chain (BSC). We cover a wide range of blockchain news revolving mainly around the DeFi sector of the crypto markets. BSCNews aims to inform, educate and share information with the global investment community through our website, social media, newsletters, podcasts, research, and live ask me anything (AMA). Our content reaches hundreds of thousands of global investors who are active in the BSC DeFi space.
BSC NEWS is a private news network. All posts posted by this user belong 100% to bsc.news All rights are reserved to BSC NEWS for more information about BSC NEWS contact BSC NEWS HERE.
