The attack has severely compromised funds in Cream liquidity provider tokens and other Ethereum-based tokens
In what is being termed as the largest theft in the Decentralised Finance sector, Cream Finance has confirmed that it has fallen victim to a large flash loan exploit in which the hacker stole over $130 million.
The incident marks at least the third major attack on the DeFi lending protocol since the beginning of 2021.
The flash loan attack was first identified by blockchain data analytics company PeckSheild. Cream Finance later tweeted notifying that an exploit on the C.R.E.A.M. v1 on Ethereum was being investigated.
The negative outpour from the crypto community regarding the Taipei-based decentralised firm’s inability to safeguard user interests forced Cream Finance to shut down its forums.
Compromised funds have been recognised to be Cream liquidity provider tokens and other Ethereum-based tokens. Cream Finance has halted its v1 lending markets and has stated that it is in the process of conducting a post-mortem review.
The attack led to a further drop in investor confidence in Cream Finance with its native token CREAM falling by over 23% in the last 24 hours.
Cream Finance has routinely been the victim to such attacks. In August the firm witnessed a $19 million-worth exploit caused by a re-entrancy bug introduced by the Amp cryptocurrency. However, the hacker was convinced to return most of the stolen funds
When asked what are the chances that the $130 million stolen funds are returned by the hacker this time around, Sun Huang, general manager and vice president for SecDevOps at XREX Inc told Forkast.News that attackers are likely to negotiate with Cream Finance and return the funds.
“…especially when the tracking technology for blockchain has become more mature and many could catch the hints and chase down on attackers,” Huang stated.
Flash loans are a form of un-collateralised lending that is valid within just one atomic blockchain transaction. In a flash loan attack, hackers find ways to manipulate the market and execute the transaction even when the borrowed amount is not repaid in time to the protocol.