Cream Finance DeFi platform loses $19M in a flash loan hack. An AMP token reentrancy defect led to the Cream Finance hacker seizing $18.8M in a set of 17 transactions.
A hacker stole nearly $19 million from Cream Finance, a major decentralized finance (DeFi) platform that focuses on lending.
According to a blockchain security investigation published by Bitcoin security firm PeckShield, an unknown hacker was able to gain $18.8 million via an exploit of the Cream Finance protocol’s reentrancy flaw introduced by the Amp token.
In a Monday announcement, Cream Finance said that the protocol halted the supply and borrow contracts on the Amp token as a result of the exploit.
PeckShield explains how it happened
PeckShield explained that the hacker exploited the Amp token by reborrowing assets prior to updating the original loan in 17 separate transactions. The security firm provided an example transaction by noting that “the hacker takes out a flash loan of 500 ETH and deposits the funds as collateral. After that, the hacker borrows 19M $AMP and then reborrows 355 ETH by exploiting the reentrancy bug. The hacker then pays off the borrowed money”.
“The funds remain parked in 0xCE1F….6EDE. We are currently observing this address for any further action,” PeckShield elaborated, providing the hacker’s address.
Amp is an Ethereum-based token used to collateralize payments on the Flexa network. The AMP token contract implements an ERC777-based registry smart contract referred to as ERC1820. The ERC-1820 standard, introduced in 2019, defines a universal registry smart contract in which any address “can specify the interfaces it supports and which smart contract is for the implementation”.
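The ordering flaw PeckShield describes, reduced to a single toy pool in Python, as an added example (not Cream Finance's or Amp's contract code). The `Pool` and `Borrower` classes, the amounts and the `on_receive` hook name are assumptions made for illustration; the hook stands in for the ERC777-style callback that runs recipient code during a token transfer.

```python
# Constructed model: one pool, one asset, collateral and debt in the same unit.
class Pool:
    """Toy lending pool whose payouts notify the recipient through a receive hook."""
    def __init__(self, reserve, safe):
        self.reserve, self.safe = reserve, safe
        self.collateral, self.debt = {}, {}
        self.entered = False            # reentrancy guard flag

    def deposit(self, who, amount):
        self.collateral[who] = self.collateral.get(who, 0) + amount

    def borrow(self, who, amount):
        if self.safe and self.entered:
            raise RuntimeError("reentrant borrow rejected")
        if self.debt.get(who, 0) + amount > self.collateral.get(who, 0):
            raise RuntimeError("borrow exceeds collateral")
        self.entered = True
        try:
            if self.safe:   # checks-effects-interactions: record the debt, then pay
                self.debt[who] = self.debt.get(who, 0) + amount
                self._pay(who, amount)
            else:           # flawed order: pay (running the hook), then record the debt
                self._pay(who, amount)
                self.debt[who] = self.debt.get(who, 0) + amount
        finally:
            self.entered = False

    def _pay(self, who, amount):
        self.reserve -= amount
        who.received += amount
        who.on_receive(self, amount)    # external call into recipient-controlled code

class Borrower:
    """Recipient whose hook requests a second loan while the first is in progress."""
    def __init__(self):
        self.received, self.reentered = 0, False

    def on_receive(self, pool, amount):
        if not self.reentered:
            self.reentered = True
            try:
                pool.borrow(self, amount)
            except RuntimeError:
                pass                    # the hardened pool refuses the nested call

def run(safe):
    """Return (tokens received, recorded debt, pool reserve) for 100 of collateral."""
    pool, user = Pool(reserve=1000, safe=safe), Borrower()
    pool.deposit(user, 100)
    pool.borrow(user, 100)
    return user.received, pool.debt[user], pool.reserve
```

With the flawed ordering the collateral check in the nested call still sees a debt of zero, so the pool pays out twice against the same collateral; recording the debt before the transfer, backed by the guard flag, closes that window.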
CREAM and AMP bore the consequences
CREAM, the native token of Cream Finance, as well as Amp, both experienced considerable price drops following the attack. Amp fell nearly 13%. According to CoinGecko data, the Amp token is currently trading at $0.051908, while the CREAM token is trading at $167, down about 5% over the past 24 hours.
As previously reported, in February, DeFi’s Alpha Homora product suffered a $37-million hack, which took advantage of Cream’s Iron Bank protocol-to-protocol lending platform.
Crypto platforms are under attack
Various cryptocurrency platforms – both centralized and decentralized – have come under attack recently. On Saturday, as a result of an attack on Bilaxy crypto exchange, 295 ERC-20 tokens were compromised. On Aug 19, cybercrime cost Liquid over $100 million.