en
Back to the list

Hackers Steal 8 Million Dollars Taking Advantage of an Exploit in Crema Finance - Crypto Economy

Security

crypto-economy.com 04 July 2022 10:57, UTC
  
Reading time: ~2 m

Another exploit has been recorded in the DeFi world, as the Solana-based liquidity protocol, Crema Finance, was compromised by hackers. On Saturday, the platform tweeted that it has suspended services temporarily, as they were investigating a potential exploit. The protocol estimated that around $6.40 million were stolen in digital assets at that time. However, the figure went up to over $8.70 million upon further investigation.

Solana blockchain explorer, SolanaFM, tweeted the breakdown of the incident. Crema Finance told that hackers exploited a tick account. These ticks are used to store price tick data from a centralized liquidity market maker (CLMM).

However, hackers replaced authentic transaction data with fake data. Thus, the hacker was able to drain a huge fee amount from the liquidity pool. Moreover, hackers were also able to activate six flash loans from Solend to add liquidity to Crema Finance. Solend is a lending platform for Solana.

Crema Finance Lose Millions of Dollars in Various Cryptocurrencies

The investigation indicates that crypto assets, including Tether and lido staked Solana were extracted from the protocol. These stolen funds are kept in the Ethereum and Solana wallets of hackers. SolanaFM has flagged these wallets. The DeFi protocol was quick to respond to the exploit attack.

Moreover, the team of Crema Finance has also reached out to the hackers through an on-chain message. Around $800,000 are offered as a bounty, and the hackers have 72 hours to come forward and clear their name. Otherwise, the protocol threatens to collaborate with the law enforcement authorities for the identification of the hacker.

Around two weeks ago, the protocol announced that it collected around $5.40 million in a private funding round. However, Crema Finance has not given the exact amount of its remaining liquidity pool assets. This funding round was led by Qiming Venture Partners. Companies that contributed to the funding included Everest Ventures Group, Big Brain Holdings, AGE Fund, Summer Capital, and others.

Crema Finance is often confused with Cream Finance, however, they are not related. In 2021, Cream Finance lost around $100 million in flash loan attacks. Nonetheless, 2022 continues to be a tough year for the Solana Network. It has faced several attacks and hacking attempts. In the first quarter, the protocol faced five hacking attempts. Millions of dollars were drained through these attacks.

Therefore, consumers and users are calling out Solana to improve its security and transparency model. Many among them are also losing their faith in the blockchain, as they continue to withdraw their investments as a precaution.


   Source
Back to the list