This is the third hack that Cream Finance has suffered so far in 2021.
The attacker is reportedly using transaction-mixing services to launder the stolen tokens.
The decentralized finance (DeFi) protocol Cream Finance came under a new attack this Wednesday, October 27. This time, the hacker managed to extract tokens worth close to $130 million.
The attacker exploited a vulnerability in Cream Finance's flash loan (instant loan) smart contract on the Ethereum network. The protocol also holds funds on Binance Smart Chain and on the Polygon and Fantom blockchains which, as of this writing, have not been reported as affected by the attack.
The alarm was raised when the blockchain security company PeckShield posted an alert on its Twitter account about a large transaction from the aforementioned contract. The transaction shows that the loan involved about 70 assets, mostly ERC-20 tokens.
The amount was transferred to a smart contract and an address created by the attacker, which received around $92 million and $25 million respectively. According to some reports, the attacker is "laundering" the stolen funds through transaction-mixing services that hinder traceability on the blockchain.
The price of the CREAM token plummeted almost 30% after news of the attack on the Cream Finance DeFi platform became known. Source: CoinGecko.
At the moment, Cream Finance has not offered details of the case on any of its social networks, and its Discord account is restricted. It did, however, announce on Twitter that it has opened an investigation. "We are investigating an exploit in CREAM v1 on Ethereum and will share updates as soon as they are available," the tweet reads.
Three hacks in a year
Cream Finance is defined as "a decentralized loan protocol that allows people, institutions and protocols to access financial services." The company is part of the Yearn Finance ecosystem and emerged in 2020, at the height of the decentralized finance craze.
This is the third time in 2021 that it has faced the exploitation of a vulnerability in its protocol. As reported by ., at the end of August it suffered a similar attack, when hackers stole $18.8 million in ether (ETH) and AMP tokens from the instant loan smart contract.
Previously, in February, cybercriminals forged the smart contract of the Alpha Homora protocol, a trusted client of Cream Finance, and used it to request an unsecured loan of $37.5 million in ETH and stablecoins.
The almost $130 million stolen from the platform this time ranks third among the largest thefts in history, according to the ranking of the "Rekt" project. News of the attack caused a 30% drop in the price of the CREAM token.