The decentralized finance (DeFi) lending protocol Cream Finance (CREAM) suffered a hack that led to the loss of about $26 million in Ethereum (ETH) and AMP tokens.
Cream Finance says the platform lost 418,311,571 AMP, currently valued at $22.1 million, and 1,308 ETH, currently valued at $4.42 million, on Tuesday “by way of reentrancy on the AMP token contract.” At the time of the hack, the crypto was worth about $18 million.
The platform paused supply and borrow on AMP to stop the exploit. AMP is a crypto asset used as collateral for stablecoin payments.
The blockchain security firm PeckShield first spotted and analyzed the hack.
“The hack is made possible due to a reentrancy bug introduced by AMP, which is an ERC777-like token and exploited to re-borrow assets during its transfer before updating the first borrow.
Specifically, in the example [transaction], the hacker makes a flash loan of 500 ETH and deposit the funds as collateral. Then, the hacker borrows 19 million AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside AMP token transfer(). Then the hacker self-liquidates the borrow. The hacker repeats the above process in 17 different transactions and gains in total 5.98K ETHs (with ~$18.8 million).“
The protocol’s native token, CREAM, is down more than 10% on the day and is trading at $161.70 at time of writing, according to CoinGecko.
This week’s hack is not the first attack on Cream Finance this year. In March, the lending platform revealed that their website had suffered a domain name system (DNS) spoofing attack which attempted to trick their users into typing their private seed phrase into a fake MetaMask wallet input box.
Attacks on DeFi protocols have been in the news in the past few weeks after Poly Network suffered a massive $643 million hack earlier this month. Poly Network, however, worked with the pseudonymous attacker, known as Mr. White Hat, and has retrieved all of the stolen funds.
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Follow us on X, Facebook and Telegram
Surf The Daily Hodl Mix
Featured Image: Shutterstock/zeber