C.R.E.A.M. Finance Loses Over $34 Million in Crypto Hack

Prateek Jha
Prateek Jha
By: Prateek Jha Reading time: 2 minutes
Mock cryptocurrency coins in gold and silver on a black surface
© WHYFRAME/Shutterstock.com

C.R.E.A.M. Finance announced that it was the target of a cyberattack where the hacker stole over $34 million in digital tokens.

The hacker stole $24.2 million in AMP and $9.9 million in Ether.

The attack adds to a growing list of high profile hacks on Decentralized Finance (DeFi) platforms in 2021.

Hackers Exploited Vulnerability in AMP Integration With the Platform

According to Crypto Rules Everything Around Me (C.R.E.A.M.) Finance, the attacker exploited an error in how the platform integrated AMP, leading to a reentrancy bug.

The platform stated that there were two attacks: a main exploit and a smaller copycat. The copycat address has a withdrawal history with Binance, to whom C.R.E.A.M. Finance has since reached out for help.

C.R.E.A.M. Finance also stated their intent to “forward all relevant information to law enforcement authorities and prosecute to the fullest extent of the law.”

The platform said that it has paused its AMP supply and borrow functions. These services will remain suspended until a patch can be safely deployed.

It also announced that it will be replacing the stolen tokens so that there is no liquidity trouble for users. It will commit to allocating 20% of all protocol fees received to repay its customers.

This is the first time C.R.E.A.M. has been exploited directly, the company said.

C.R.E.A.M. Finance is a DeFi organization and the developer of a lending protocol for individuals. The crypto assets on the platform include Ethereum, AMP Token, CREAM Token, Tether, and COMP.

Platform Announces Bounties for Recovery of Funds

C.R.E.A.M. Finance said it will learn from the incident and use it to improve and strengthen its protocol.

The platform also announced that it will give the attacker a 10% bug bounty if they returned the stolen funds.

Additionally, C.R.E.A.M. Finance announced that if someone were to identify and provide information that leads to the arrest and prosecution of the attacker, that person would receive 50% of the returned funds.

This attack adds to a growing list of hacks on DeFi platforms. Just last month, Poly Network was the target of the largest ever crypto heist. The hacker has since returned all of the stolen funds, amounting to over $600 million in cryptocurrency.

Japanese crypto exchange Liquid was also hit by a cyberattack, where the actors stole over $94 million in digital tokens.

This is not the first time C.R.E.A.M. Finance has suffered from a cyber attack. In February this year, the organization lost $37.5 million due to a flash loan exploit made via IronBank.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.
More recent news about Cybercrime
Leave a comment
Leave a comment