cryptoknowmics.com
A flash loan attack that depleted Crema Finance's liquidity reserves caused them to lose over USD 8.7 million in cryptocurrency assets. Crema Finance is a concentrated liquidity protocol developed on the Solana (SOL) blockchain. On Sunday, the protocol's official Twitter account announced the temporary suspension of the service while they began an investigation after confirming the intrusion. https://twitter.com/Crema_Finance/status/1543416225622941696
"Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP," Crema Finance's Tweet said.
False Tick Account
The hacker began by constructing a false tick account, a dedicated fund that keeps price tick data in a concentrated liquidity market maker, according to an update from the team (CLMM). By "putting the initialized tick address of the pool into the bogus account," they could avoid the standard "check" procedure. https://twitter.com/solanafm/status/1543559794677518336 The hacker then used a contract to increase liquidity to open positions on Crema and borrow a flash loan from borrowing and lending firm Solend. Crema Finance said,
"In CLMM, the calculation of transaction fees mainly relies on the data in the tick account. As a result, the authentic transaction fee data was replaced by the faked data, so the hacker completed the stealing by claiming a huge fee amount out from the pool."
Crema Finance was misused to the tune of USD 8.78m, according to a SolanaFM probe, which included varied quantities of USDT and USDH Hubble Stable. The project disclosed the hacker's addresses in the interim and announced that it would be following the movement of stolen funds - coins and crypto synthesizers.