Cream Finance Exploited Yet Again, Hacker Stealing $18.8 Million in Ether and AMP
Another day, yet another decentralized finance (DeFi) hack. This time Cream Finance has been exploited for $18.8 million.
Founded by Taiwanese entertainment star Jeffrey Huang, Cream Finance is a decentralized lending protocol operating on Ethereum, Binance Smart Chain (BSC), and Fantom.
Cream offers a wide range of tokens on its money markets, including stablecoins, interest-bearing stablecoins, DeFi coins, LP tokens, and other cryptos. The protocol has $1.61 billion of total value locked (TVL), near its June 15 all-time high of $1.72 billion.
In reaction to the news of the hack, the CREAM token dropped more than 8% in value and is currently trading around $166.58, roughly 56% below its early February high of $374.
Back in February, the protocol was attacked via a flash loan and lost $37.5 million. This time, roughly half that amount has been stolen. The team took to Twitter to share that,
“C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract.”
AMP, a digital collateral token that offers instant and verifiable collateralization for any kind of value transfer, was trading at just above $0.059 before falling to $0.484 in the early hours of Monday. As of writing, AMP is trading at $0.0555, down 54% from its mid-June peak of $0.12. Ether meanwhile is trading just under $3,200.
“We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected,” said the team.
The Cream Finance team is working with PeckShield, a blockchain security and data analytics company, to investigate the attack.
According to PeckShield, the hack was made possible by a reentrancy bug introduced by the ERC777-like token AMP: its transfer hook hands control back to the caller mid-transfer, which was exploited to re-borrow assets during the transfer, before the first borrow had been recorded.
Further explaining the attack, the blockchain security team said the hacker took a flash loan of 500 ETH and deposited the funds as collateral. The hacker then borrowed 19 million AMP, used the reentrancy bug to re-borrow 355 ETH from inside the AMP token transfer, and then self-liquidated the loan. PeckShield said,
“The hacker repeats the above process in 17 different txs and gains in total 5.98K ETHs (with ~$18.8M). The funds are still parked in 0xCE1F….6EDE. We are actively monitoring this address for any movement.”
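The mechanism PeckShield describes is the classic checks-effects-interactions violation: the pool sends the borrowed tokens (the interaction) before it records the new debt (the effect), and an ERC777-style transfer hook lets the borrower call back into the pool in that window, so the second borrow is checked against stale debt. The following Python model is an added illustration, not Cream's or AMP's code; it collapses the real attack (ETH collateral, an AMP borrow, a nested ETH borrow, then self-liquidation) into a single token and abstract value units, and the class names, the `tokens_received`-style hook and the `run_scenario` helper are all constructed for the example. It shows the vulnerable ordering beside the two standard fixes (update state before transferring, and a reentrancy guard), so a reviewer can see which invariant each one restores.

```python
# Toy model of the reentrancy pattern in the Cream/AMP incident (constructed,
# simplified, not the protocol's real code). Amounts are abstract value units.


class Reentered(Exception):
    """Raised by the guarded pool when borrow() is entered while already running."""


class HookToken:
    """ERC777-style token: transfer() notifies the recipient before it returns.
    That callback is the reentry point described in the article."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.hooks = {}  # account -> callable(amount); stands in for tokensReceived

    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient token balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        hook = self.hooks.get(recipient)
        if hook is not None:
            hook(amount)  # control passes to the recipient mid-transfer


class LendingPool:
    """Over-collateralised lender. effects_first=True applies checks-effects-
    interactions; guarded=True adds a mutex. Both False reproduces the bug."""

    def __init__(self, token, collateral_factor=0.75, effects_first=False, guarded=False):
        self.token = token
        self.cf = collateral_factor
        self.effects_first = effects_first
        self.guarded = guarded
        self.collateral = {}  # collateral value per user
        self.debt = {}        # borrowed value per user
        self._entered = False

    def deposit_collateral(self, user, value):
        self.collateral[user] = self.collateral.get(user, 0) + value

    def borrow_limit(self, user):
        return self.collateral.get(user, 0) * self.cf

    def borrow(self, user, amount):
        if self.guarded:
            if self._entered:
                raise Reentered("borrow() re-entered while a borrow is in progress")
            self._entered = True
        try:
            # check: the loan must stay within the collateral limit
            if self.debt.get(user, 0) + amount > self.borrow_limit(user):
                raise ValueError("borrow exceeds collateral limit")
            if self.effects_first:
                self.debt[user] = self.debt.get(user, 0) + amount  # effect first
                self.token.transfer("pool", user, amount)           # then interaction
            else:
                self.token.transfer("pool", user, amount)           # interaction first:
                self.debt[user] = self.debt.get(user, 0) + amount  # debt recorded only after the hook ran
        finally:
            self._entered = False


def run_scenario(effects_first=False, guarded=False, collateral=500, loan=375):
    """Deposit collateral, borrow once, and re-enter borrow() from the token hook.
    Returns what the pool believes versus what the borrower actually received."""
    token = HookToken({"pool": 10_000})
    pool = LendingPool(token, effects_first=effects_first, guarded=guarded)
    pool.deposit_collateral("attacker", collateral)  # limit = 500 * 0.75 = 375
    state = {"reentered": False, "nested_error": None}

    def on_tokens_received(_amount):
        if state["reentered"]:
            return  # only re-enter once so the model terminates
        state["reentered"] = True
        try:
            pool.borrow("attacker", loan)  # nested borrow while the outer one is unfinished
        except (ValueError, Reentered) as exc:
            state["nested_error"] = type(exc).__name__  # a Solidity try/catch could swallow this too

    token.hooks["attacker"] = on_tokens_received
    pool.borrow("attacker", loan)
    debt = pool.debt["attacker"]
    return {
        "debt": debt,
        "limit": pool.borrow_limit("attacker"),
        "received": token.balances["attacker"],
        "over_limit": debt > pool.borrow_limit("attacker"),
        "nested_error": state["nested_error"],
    }


if __name__ == "__main__":
    for name, kwargs in [("vulnerable", {}), ("effects-first", {"effects_first": True}),
                         ("guarded", {"guarded": True})]:
        print(name, run_scenario(**kwargs))
```

In the vulnerable ordering the nested borrow passes the collateral check because the outer borrow has not yet written its debt, so the borrower walks away with twice the limit; the effects-first ordering makes the nested check fail, and the guard refuses the nested call outright. Either fix closes this path, and the guard also covers cases where the stale state is not the debt counter itself. Listing a token with transfer hooks on a pool that was audited only against plain ERC20 tokens is the integration risk to check for.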
“According to the SlowMist team's research, the exploitation of Cream is believed to have been caused by the incompatibility between the Cream lending model and AMP tokens.”
— Wu Blockchain (@WuBlockchain) August 30, 2021