Cream Finance Exploited, $130 Million In LP and ERC-20 Tokens Stolen

Cream Finance, a decentralized finance (DeFi) protocol that forms a part of the Yearn Finance ecosystem, has been hacked yet again. This time, some $130 million worth of its Cream Liquidity Pool tokens and other ERC-20 tokens on the protocol have been stolen.

Source: cryptodaily.co.uk

According to an initial report by Chinese blockchain security and data analytics firm PeckShield Inc., an estimated $117 million was initially exploited through a flash loan attack, a known vulnerability vector among DeFi protocols.

Transaction data of the attack suggests that the yet unidentified threat actor has slashed most of the funds from Cream’s LP tokens and converted these to DAI and USDC. The addresses received two separate amounts for $92 million and $23 million respectively, with the funds being moved to various other wallets.

Following the attack, Cream Finance’s $CREAM token drastically dropped from a spot token price of $152 to $111, an almost 30% fall in less than an hour. To date, the hack constitutes the third largest DeFi hack in history, following $611 million on Poly Network , and $147 million on Compound .

At press time, Cream Finance has not issued any detailed statement on the matter. It did, however, acknowledge that the attack has occured and said that it will be investigating what happened to its C.R.E.A.M. v1 protocol based on Ethereum.

This latest attack on Cream Finance is the third in its history, having lost some $37.5 million in February earlier this year, and another $18.8 million in August. Cream Finance’s C.R.E.A.M. Flash Loans program was launched in April, in a bid to serve developers with access to undercollateralized loans. At the time, only about $90 million in liquidity was available for access through its Binance Smart Chain version.

This story is currently developing and CryptoDaily will update relevant information on the matter as it unfolds.

Leave a Reply