This would be the third hack that Cream Finance suffers so far in 2021.
The attacker would be using transaction mixing services to launder the stolen tokens.
The decentralized finance protocol (DeFi) Cream Finance came under a new attack this Wednesday, October 27. This time, the hacker managed to extract tokens worth close to $ 130 million.
The attacker exploited a vulnerability in the smart contract of flash loans (instant loans) from Cream Finance on the Ethereum network. The protocol It also has funds in the Binance Smart Chain and the Polygon and Fantom blockchains that, as of the writing of this article, they are not reported as affected by the attack.
Alarms soared once blockchain security specialist PeckShield launched a alert on your Twitter account on a large transaction from the aforementioned contract. The transaction shows that the loan involved about 70 assets, mostly ERC-20 tokens.
The amount was transferred to a smart contract and a address created by the attacker, who received around $ 92 million and $ 25 million respectively. According to some reports, the attacker would be “laundering” the stolen funds, using transaction mixing services that hinder traceability on the blockchain.
At the moment, Cream Finance has not offered details of the case on any of its social networks and its Discord account is restricted. Although yes they announced on Twitter they started an investigation. “We are investigating an exploit in CREAM v1 on Ethereum and will share updates as soon as they are available,” the tweet can read.
Three hacks in a year
Finance is defined as “a decentralized lending protocol that allows individuals, institutions and protocols to access financial services ». The company is part of the yearn finance ecosystem, and emerged in 2020, in the heat of decentralized finance rage.
This is the third time in 2021 that it has faced exploiting a vulnerability in its protocol. As reported by CriptoNoticias, at the end of August it received a similar attack, when hackers stole $ 18.8 million in ether (ETH) and AMP tokens of the instant loan smart contract.
Previously, in February, cybercriminals forged the smart contract of the Alpha Homora protocol, a trusted client of Cream Finance, and used it to request an unsecured loan of $ 37.5 million in ETH and stablecoins.
The amount of almost $ 130 million, stolen this time from the platform, ranks 3rd in the largest robberies in history, according to the ranking of project «Reck». News of the attack generated a 30% drop in the price of the CREAM token.