Hackers have stolen an estimated $130 million worth of cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.
The attackers are believed to have found a vulnerability in the platform’s lending system —called flash loaning— and used it to steal all of Cream’s assets and tokens running on the Ethereum blockchain, according to blockchain security firm BlockSec, which also posted an explanation of the security flaw on Twitter earlier today.
A breakdown of the stolen funds is available below, courtesy of the SlowMist team.
Roughly six hours after the attack, Cream Finance said it fixed the bug exploited in the hack with the help of cryptocurrency platform Yearn.
Even if the attacker’s initial wallet, used to exfiltrate a large chunk of the funds, has been identified, the funds have already been moved to new accounts, and there appears to be a small chance the stolen crypto can be tracked down and returned to the platform.
Third time’s a charm
All attacks were flash loan exploits, a common way through which most DeFi platforms have been hacked over the past two years.
DeFi related hacks have accounted for 76% of all major hacks in 2021, and users have lost more than $474 million to attacks on DeFi platforms this year, CipherTrace said in a report in August.
Similarly, DeFi hacks also made up 21% of all the 2020 cryptocurrency hacks and stolen funds after being almost inexistent a year before, in 2019, the same CipherTrace said in a report last year.
The Cream heist also marks the second-largest cryptocurrency hack this year after DeFi platform Poly Network lost $600 million in August. However, the individual behind the Poly hack eventually returned all the stolen funds two weeks later on the promise the company won’t seek charges.
The post Hackers steal $130 million from Cream Finance; the company’s 3rd hack this year appeared first on The Record by Recorded Future.
Source: Read More (The Record by Recorded Future)