The decentralized finance (DeFi) lending protocol Cream Finance (CREAM) suffered a hack that led to the loss of about $26 million in Ethereum (ETH) and AMP tokens.
Cream Finance says the platform lost 418,311,571 AMP, currently valued at $22.1 million, and 1,308 ETH, currently valued at $4.42 million, on Tuesday “by way of reentrancy on the AMP token contract.” At the time of the hack, the crypto was worth about $18 million.
The platform paused supply and borrow on AMP to stop the exploit. AMP is a crypto asset used as collateral for stablecoin payments.
The blockchain security firm PeckShield first spotted and analyzed the hack.
“The hack is made possible due to a reentrancy bug introduced by AMP, which is an ERC777-like token and exploited to re-borrow assets during its transfer before updating the first borrow.
Specifically, in the example [transaction], the hacker makes a flash loan of 500 ETH and deposit the funds as collateral. Then, the hacker borrows 19 million AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside AMP token transfer(). Then the hacker self-liquidates the borrow. The hacker repeats the above process in 17 different transactions and gains in total 5.98K ETHs (with ~$18.8 million).“
The protocol’s native token, CREAM, is down more than 10% on the day and is trading at $161.70 at time of writing, according to CoinGecko.
This week’s hack is not the first attack on Cream Finance this year. In March, the lending platform revealed that their website had suffered a domain name system (DNS) spoofing attack which attempted to trick their users into typing their private seed phrase into a fake MetaMask wallet input box.
Attacks on DeFi protocols have been in the news in the past few weeks after Poly Network suffered a massive $643 million hack earlier this month. Poly Network, however, worked with the pseudonymous attacker, known as Mr. White Hat, and has retrieved all of the stolen funds.
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Follow us on X, Facebook and Telegram
Surf The Daily Hodl Mix
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Featured Image: Shutterstock/zeber