Fatcat Hacker Gets the Cream as CREAM Finance Is Creamed Again

CREAM Finance suffers an exploit yet again as a flash loan attack allows hackers to siphon away more than $130 million.

Another Day, Another Attack

CREAM Finance got hit once again on Oct. 27 with a flash loan attack which allowed the hacker to steal over $130 million worth of tokens on the protocol’s Ethereum v1 lending markets, as the protocol announced on Twitter.

Peckshield Inc, a blockchain security and data analytics company, brought this hack to the community’s attention via a Twitter thread. The protocol has clarified that no other markets that it maintains have been impacted due to this hack.

“The hack is made possible due to a price manipulation bug in CREAM price oracle. And this bug allows directly transferred yDAI+yUSDC+yUSDT+yTUSD tokens to significantly increase yUSD pricePerShare, which allows for basically borrowing all funds in current lending pools. (..) The initial funds to launch the hack are withdrawn from @TornadoCash, and the resulting gains are transferred to (0x24354D31bC9D90F62FE5f2454709C32049cf866b). The hacker is still swapping via @paraswap and @Uniswap. We are actively monitoring this address for any movement.” elaborated Peckshield’s Twitter thread further.

Source: CREAM Finance Medium Blog

In the meantime, the protocol paused their v1 lending markets on Ethereum and is putting together a post-mortem review of the incident.

As previously reported by BSC News, CREAM Finance’s v1 Ethereum lending market faced a flash loan attack earlier as well on August 30th, where $18 million was lost. The hack was possible due to a “reentrancy bug” that was introduced by the AMP token and was exploited to re-borrow assets during the transfer.

About CREAM Finance

CREAM Finance is a decentralized lending protocol made for individuals, institutions, protocols, and financial services. The lending protocol is a part of the Yearn Finance ecosystem. It is a permissionless, open-source, and blockchain agnostic platform that caters to users from the Ethereum, Binance Smart Chain (BSC), Polygon, and Fantom blockchain networks.

Find more about CREAM Finance here:

Website | Twitter | GitHub | Telegram | Medium | Blog | Discord | Kakaotalk |

Source : bsc.news

Leave a Reply

Your email address will not be published. Required fields are marked *