Cream Finance is a major decentralized finance (DeFi) protocol focused on lending. Unfortunately, the platform has suffered a hacker attack that wiped about $19 million from it.
According to PeckShield, a data analytics company, an unknown hacker managed to steal $18.8 million in the latest flash loan exploit of the Cream Finance protocol. The firm also stated that the hacker was able to obtain such a massive number of tokens because of a reentrancy bug in the Amp token.
A flash loan attack is a smart contract exploit in which the hacker borrows capital from a DeFi protocol and repays it within the same transaction. The hacker arbitrages the money borrowed from a DeFi pool, then quickly returns the capital, making a profit from the borrowed money.
After the attack, Cream Finance stopped the exploit by pausing the supply and borrow contracts for the token in question. It shared this news through its Twitter account.
They also added that “No other markets were affected.”
PeckShield also gave other details about the attack. It specified that the hacker exploited the Amp token by re-borrowing assets during its transfer, and illustrated this with an example:
“The hacker makes a flash loan of 500 ETH and deposits the funds as collateral. Then the hacker borrows 19M $AMP and uses the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.”
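The ordering problem behind a re-borrow during a token transfer can be shown with a small model. This is an added illustration, not code from Cream Finance, Amp or PeckShield; the 75% collateral factor, the single asset unit, the amounts and the Python callback standing in for the token's transfer hook are all assumptions made for the example. It compares a pool that records debt after the transfer with one that records it before.

```python
# Simplified model (constructed, not Cream Finance or Amp code): one asset unit,
# an assumed 75% collateral factor, and a transfer hook modelled as a callable.
class LendingPool:
    COLLATERAL_FACTOR_PCT = 75  # assumed value for the example

    def __init__(self, record_debt_before_transfer):
        self.record_debt_before_transfer = record_debt_before_transfer
        self.collateral = {}
        self.debt = {}

    def deposit(self, user, amount):
        self.collateral[user] = self.collateral.get(user, 0) + amount

    def borrow_limit(self, user):
        return self.collateral.get(user, 0) * self.COLLATERAL_FACTOR_PCT // 100

    def borrow(self, user, amount, on_receive=None):
        # Check: the new total debt must stay within the collateral limit.
        if self.debt.get(user, 0) + amount > self.borrow_limit(user):
            raise ValueError("insufficient collateral")
        if self.record_debt_before_transfer:
            self.debt[user] = self.debt.get(user, 0) + amount  # effect first
            self._transfer(on_receive)                          # then interaction
        else:
            self._transfer(on_receive)                          # interaction first
            self.debt[user] = self.debt.get(user, 0) + amount  # recorded too late

    def _transfer(self, on_receive):
        # A token with a receive hook hands control to the recipient mid-transfer.
        if on_receive is not None:
            on_receive()


def simulate(record_debt_before_transfer):
    pool = LendingPool(record_debt_before_transfer)
    pool.deposit("borrower", 500)          # constructed amounts
    rejected = []

    def hook():
        try:
            pool.borrow("borrower", 355)   # nested borrow during the transfer
        except ValueError:
            rejected.append(355)           # the collateral check refused it

    pool.borrow("borrower", 300, on_receive=hook)
    return pool.debt["borrower"], pool.borrow_limit("borrower"), rejected


if __name__ == "__main__":
    print("debt recorded after transfer :", simulate(False))
    print("debt recorded before transfer:", simulate(True))
```

When the debt is written only after the transfer returns, the nested borrow is checked against a debt of zero and the total ends up above the limit; recording the debt first makes the same nested call fail the collateral check.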
Following the attack, the Amp token and Cream Finance’s native token, CREAM, dropped in price. Amp plummeted nearly 13% over the past 24 hours.