
Crema Finance Hacked for $9M, Team Shares Investigation Details


cryptopotato.com 04 July 2022 08:56, UTC

A Solana-based concentrated liquidity protocol – Crema Finance – temporarily halted its operations to investigate an exploit that drained more than $8.78 million worth of cryptocurrencies.

Crema Hack Recap

As per the update provided by the company, it all started with a vulnerability in ticks. The hacker activated six flash loans from Solend Pool and used the Wormhole Exchange to accumulate the stolen funds. Solend itself was not impacted, and its funds are safe. To utilize the flash loans, the hacker first deployed their own on-chain program, which was closed immediately after the exploit.

To lessen the impact of the blow, Crema decided to suspend the smart contract after the exploit. It said it is working closely with multiple experienced security firms and relevant organizations to monitor the hacker’s fund movements.

The attacker swapped the stolen funds into 69422.9 SOL and 6,497,738 USDCet via Jupiter. The USDCet was then bridged to the Ethereum network with the help of Wormhole and swapped to 6,064 ETH via Uniswap soon after.

Both the Solana and Ethereum addresses of the attacker have been blacklisted. The team behind the DeFi protocol reached out to the attacker via an on-chain message to their Ethereum address, which read:

“To the Crema hacker: Your address on both Solana and Ethereum have been blacklisted and all eyes are on you right now. You have 72h from now to consider becoming a white hat and keeping $800k as a bounty. And transfer remaining funds back to our contract-update-authority address.”

If the attacker refuses the offer, Crema revealed that it would take the legal route. With the funds located, the platform said it will continue to track their movements.

The team will also remain open to communication with the hacker until the time window closes. It is currently working on a technical fix alongside tracing the funds. Crema will resume the contract once the investigation is complete and a “resolvement plan” has been made.

Persistent Attacks on DeFi

Attacks on DeFi have been rampant since the sector’s boom in 2020, with North Korea leading the world in such crime. One of the notorious organizations at the center of many such attacks is the government-backed Lazarus Group.

Millions of dollars are believed to have been stolen by the state-funded hacking group, and the proceeds are then reportedly poured into the national defense budget, such as funding missile or nuclear trials. Currently, DPRK’s vast cyber program is targeting Web 3 and DeFi, as per many US government agencies.
