Cream Finance, a defi project based on Ethereum, has met with a hack attack which caused the project a loss of more than US$ 130 Million in crypto funds. The cause of the attack was known to be “flash loan” which eventually ended up exposing the project security at risk which was breached by the attackers. This is for the third time that the same project of Ethereum has met with the same kind of attack. In the earlier two attacks, the attackers managed to get away with US$ 36 and US$ 29 Million accordingly.
One of the most unfortunate Defi Ethereum based projects is Cream Finance. The project is one that renders services of borrowing and lending to the users. But on Friday, 29th October 2021, there was a security breach caused deliberately by the project’s protocols. The breaching party was hackers who were able to successfully launch their attack on the project and caused monetary loss to it. As a result of the unfortunate attack, Cream Finance lost tokenized assets worth more than US$ 130 Million. The tokenized assets that were stolen were in the form of ERC-20 and ETH coins.
It was later reported by a blockchain security company called “Slowmist” that Cream Finance’s 2,760 ETH coins were stolen. In addition, a total of 60 tokens in the form of BUSD, HBTC, and USDT too were stolen successfully by the attackers.
The past history of Cream Finance is a perturbed one. It had been unfortunate a number of times. This is the third successful attack that had been caused to the project since its inception. The earlier two attacks also caused a monetary loss of US$ 36 Million and US$ 29 Million accordingly.
It was found by Ethereum that the attack of the kind known as “flash loans”, which the security team of the project failed to recognize. There were a number of flash loans poured into by the attackers. This led the security team to believe that the attacker was in fact a profound developer of defi. However, this was not the case and in fact the attacker or attackers were fooling around with Cream Finance’s security team.
However, the news was not disclosed by Cream Finance in the first instance. The project rather confirmed the attack when the news was broke by a company called “Peckshield”. Peckshield, which is in fact a blockchain entity, believes that the attackers might have installed a bug first into the system. They must have put it in the project’s price oracle for gaining access. Soon after the news was broke, the defi project immediately confirmed that the news was authentic. It also told the users not to panic and promised that they have regained control.