Scan to download
Home
Article
Flash
Specials
Columns
ETF
Knowledge Base
Calendar
Activity
Tools
RootData
DeInsight 2024🔥
Devcon 2024

Cream Finance was hacked for over $18 million due to a reentrancy vulnerability, marking the third attack this year

ChainCatcher Selection
2021-08-30 17:17:08
Collection
This is the third time this project has been attacked this year.

Author: Chain Hunter

Today at noon, the DeFi lending platform Cream Finance suffered a flash loan attack, with hackers profiting 420 million AMP, 1308 ETH, and a small amount of stablecoin assets like USDC, totaling over 18 million USD in asset value. This marks the third attack on the project this year.

According to security analysis firm PeckShield, the vulnerability in this attack lies in the AMP token contract, which has a reentrancy flaw that allows hackers to re-borrow assets during the lending process.

Specifically, in the first attack transaction, the hacker took out a flash loan of 500 ETH and deposited the funds as collateral, borrowing 19 million AMP. The hacker then exploited the reentrancy vulnerability to borrow an additional 355 ETH during the AMP token transfer process. Subsequently, the hacker self-liquidated the loan.

The hacker repeated the above process across 17 different transactions, ultimately obtaining 5980 ETH (approximately 18.8 million USD). Currently, all funds are still held in the hacker's address, with no further actions taken.

It is understood that Cream Finance is a decentralized lending protocol initiated by the Taiwanese community, focusing on mid-to-long tail assets. It joined the YFI ecosystem at the beginning of the year and has since expanded to multiple blockchain networks including Ethereum, BSC, and Polygon. According to DefiLlama, Cream Finance currently has a total locked value of 1.6 billion USD, ranking fifth among decentralized lending protocols.

Previously, the project has faced multiple hacker attacks, with total losses exceeding 56 million USD.

On February 13 of this year, hackers exploited a vulnerability in Alpha Homora V2 to borrow ETH, DAI, USDC, and other assets from Cream Finance's zero-collateral cross-protocol lending feature, Iron Bank, resulting in a loss of approximately 38 million USD for the project. Subsequently, Alpha Finance stated that it would fully compensate for the assets.

On the 28th of the same month, the DeFi aggregation platform Furucombo suffered a severe vulnerability attack, affecting Cream Finance's reserve account. The Cream Finance team immediately revoked all approvals for external contracts but still incurred a loss of 1.1 million USD.

Tracking and Interpretation of Hot Events

Tracking and Interpretation of Hot Events

This topic mainly tracks and interprets hot events in the blockchain industry.
Topic or theme
Related tags
Cream flash loan attack attack security
ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.
banner
ChainCatcher Selection
ChainCatcher Selection Collection of original articles and selected news from ChainCatcher.
Daily Report | Over 20 Nobel Prize winners jointly support Harris; Musk increases support for Trump, adding a donation of $44 million; Ripple has submitted Form C, appealing the SEC's ruling on XRP institutional sales
Daily Report | Over 20 Nobel Prize winners jointly support Harris; Musk increases support for Trump, adding a donation of $44 million; Ripple has submitted Form C, appealing the SEC's ruling on XRP institutional sales
Frax Founder: In the AI Memecoin craze, how to properly evaluate the value of "L1 tokens compared to L2 and equity tokens like DApps"?
Frax Founder: In the AI Memecoin craze, how to properly evaluate the value of "L1 tokens compared to L2 and equity tokens like DApps"?
Related tags
Cream flash loan attack attack security
Related reading
When the essential plugin Scam Sniffer for trading cryptocurrencies charges fees, it sparks controversy over the trade-offs of income for security tools
When the essential plugin Scam Sniffer for trading cryptocurrencies charges fees, it sparks controversy over the trade-offs of income for security tools
Roundtable Discussion: What is the biggest obstacle to the development of the intention track?
Roundtable Discussion: What is the biggest obstacle to the development of the intention track?
A hacking incident unexpectedly exposed EigenLayer's cover
A hacking incident unexpectedly exposed EigenLayer's cover
Ten Thousand Character Investigation: How North Korea Infiltrates the Cryptocurrency Industry
Ten Thousand Character Investigation: How North Korea Infiltrates the Cryptocurrency Industry
Copyright © 2023
About Us
BitouchNews
Apply for a column
Disclaimer
RSS LINK
Recruitment
Qiong ICP No. 2021009392
Qiong ICP No. 2021009392
ChainCatcher Building the Web3 world with innovators
Open the app