Cream Finance, a decentralized finance (DeFi) lending and borrowing platform, has become the victim of cybercriminals as a recent exploit resulted in the loss of more than 418 million AMP, which is Flexa Network’s native token, and an additional 1,308 Ethereum.
At the time of the attack, the total value of the exploited digital tokens was around $25 million, but AMP prices immediately slumped by 15 percent, taking the dollar value of the exploit to $18.8 million, as of press time.
In the official announcement today, Cream Finance said that the hacker exploited the AMP token in the protocol by placing re-borrowing requests before updating the first borrowing order in 17 separate transactions.
C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract.
We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected.
— Cream Finance 🍦 (@CreamdotFinance) August 30, 2021
The platform had stopped the exploit by pausing the supply and borrowing on the AMP token. It further assured that none of the other markets were compromised.
Cream Finance is among the top 20 DeFi protocols with more than $658 million in locked assets. The protocol was created as a fork of Compound and attracted attention as it provides access to many more cryptocurrency markets.
In addition, the announcement of the attack pushed the price of the platform’s native token CREAM in a downward trajectory.
Flash loans allow users to borrow and return funds for the same transactions and have become a very common vulnerability when it comes to exploiting the security of DeFi platforms. According to the crypto-security firm, PeckShield, hackers used a 500 Ethereum flash loan to exploit a ‘reentrancy bug’ on the Flex Network.
Earlier this year, Cream Finance lost $37.5 million in crypto that resulted from the exploitation of Alpha Finance.
While the DeFi ecosystem is seen as the real challenger to the existing centralized financial industry, the nascent platforms are struggling with bugs. A CipherTrace report that was published recently placed the total amount of the lost DeFi funds at $474 million, which followed the $600 million attack on Poly Network. But, the hackers of Poly Network have returned most of the compromised funds.
