Cream Finance’s Hack Hattrick Sends Price and TVL Crashing


Hacks in the decentralized finance (DeFi) sector aren’t anything new, and it isn’t any different for Cream Finance either.

For the third time this year, Cream Finance has been hacked for at least $130 million. This has resulted in the price of CREAM tanking more than 37% to nearly $97. As of writing, the $79.5 million market cap cryptocurrency has recovered some of the losses to be back at $104.5.

Additionally, the total value locked (TVL) on the multi-chain lending protocol has fallen to $1.33 bln from $1.72 bln, according to DeFi Llama.

The attack was a flash-loan on the lending market of Ethereum CREAM V1, which manipulated the price of yUSD.

“Technically, it's not price manipulation. yUSDVault actually doubled in value. The problem is that it happened atomically, so Cream couldn't liquidate accounts and prevent them from going under water. Cream should not have allowed assets that can change their value so quickly,” said SushiSwap developer Mudit Gupta.

He further noted that it “was a cleanly executed attack” which involved two people and a shared account. “Attackers are DeFi devs, not traditional security folks,” Gupta added.

The attack first occurred on Oct. 27, and the team said they are investigating an exploit on C.R.E.A.M. v1 on Ethereum. Since then, liquidity has been removed.

“No other markets were impacted,” wrote the Cream team on Twitter. “We apologize to our users and community for this unfortunate incident and thank you for your support.”

With the help of the DeFi project Yearn Finance and others, the team of the Cream project identified the vulnerabilities and have patched them.

“In the meantime, we've paused our v1 lending markets on Ethereum,” it said.

Insurance protocol Nexus Mutual advised those who have active cover policies for Cream Finance to wait for a three-day period before filing their claims.

Back in August, Cream Finance suffered a $25 million hack, and then six months before that, in February, $37.5 million was stolen from the protocol.

According to a report from blockchain analytics firm CipherTrace, the DeFi market had a record loss of $474 million in the first seven months of this year.

Amidst the rapidly growing DeFi space and the resulting increase in hacks and attacks, the sector is attracting the scrutiny of regulators. Earlier this week, SEC Chair Gary Gensler said DeFi needs robust consumer protections.

“There’s a lot of lending going on. There’s a lot of trading going on. And without protections, I fear that it’s going to end poorly,” he said at the Yahoo Finance All Markets Summit earlier this week.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide