DeFi

Cream Finance hit by flash loan attack loses $25 million

  • Two attackers carried out the exploit with a total of 17 transactions stealing $25 million in funds
  • Peckshield was the first to discover the attack and alerted the DeFi Protocol about it
  • The project was also hacked on February 13 and lost $37.5 million because of a flash loan attack

DeFi Lending Protocol Cream Finance has fallen victim to a flash-loan attack losing the protocol $25 million during the attack.

Blockchain security firm Peckshield discovered the attack

Cream Finance (CREAM), a project described as a decentralized DeFi lending protocol for individuals, was exploited using a flash loan. According to initial statements, the attack resulted in a loss of $18 million, but this was because the price of AMP dropped 15%. During the attack itself, around $25 million of AMP was stolen.

The Chinese journalist Wu Blockchain reported that two attackers carried out the exploit with a total of 17 transactions and Cream finance confirmed the attack on their Twitter stating that they have stopped the exploit by pausing supply and borrow on AMP.

Blockchain security firm Peckshield was the first to discover the attack and alerted the DeFi Protocol about it. They said they found the cause of the attacks and asked Cream Finance to contact them for more details. Later the firm explained that the hacker was able to make a 500 Ethereum flash loan using an exploit found in the Ampleforth smart contract.

The second time that Cream Finance was exploited

The project was also exploited on February 13 and lost $37.5 million. The attacker managed to manipulate the liquidity in the original pool at Homora Bank and ended up borrowing large amounts of WETH, USDC, USDT and DAI from the Iron Bank. They repeated the process and flash loans until they captured over $37 million directly from the protocol.

At the time of writing, CREAM is trading at $166.69, and it is possible that the price could fall even further as the news spreads. CREAM has lost about 5% in value in the last 24 hours which is likely caused by the attack.

Sign up for our FREE mailing list

Join 12,590 others now and get actionable research and analysis sent directly to your inbox.

Post a Comment

GET YOUR CRYPTO DAILY BRIEF

Delivered daily, straight to your inbox.