Key Takeaways

  • Cream Finance has been hit for over $136 million in a flash loan attack.
  • The stolen funds consisted mainly of LP tokens, several other ERC-20 tokens, and stablecoins.
  • Roughly $40 million of the stolen funds are in Cream’s ETH2 custodial staking service, meaning they could potentially be recovered.

Decentralized lending protocol Cream Finance has been hit by a major flash loan attack. The assailant borrowed $2 billion from Aave and made off with over $136 million worth of Ethereum-based tokens.

Cream Finance Hit By Another Flash Loan Attack

Cream Finance has been exploited. 

An attacker used a flash loan earlier today to borrow 524,102.159 ETH from Aave, worth about $2 billion at today’s prices. They then drained Cream Finance of several DeFi tokens, making off with around $136 million at peak prices, according to Zerion. The transaction for the attack cost $36,574.34 and can be viewed on Etherscan.

The smart contract auditing firm PeckShield broke the news of the attack on Twitter this afternoon, while Cream Finance announced that it was “investigating an exploit on C.R.E.A.M. v1 on Ethereum.” The team added that it would share further updates as soon as they’re available. 

We are investigating an exploit on C.R.E.A.M. v1 on Ethereum and will share updates as soon as they are available.

— Cream Finance 🍦 (@CreamdotFinance) October 27, 2021

The Etherscan transaction history shows that the attacker moved at least $92 million to one Ethereum wallet and $23 million to another. The stolen funds consisted mainly of Cream LP tokens, which can be earned for providing liquidity to the protocol, as well as XSUSHI, WNXM, YFI, and several other ERC-20 tokens and stablecoins.

In the input data for the transaction, the attacker left the following message:

“gÃTµ Baave lucky, iron bank lucky, cream not. ydev : incest bad, dont do”

The message likely refers to Cream Finance’s Iron Bank, which Alpha Finance uses in partnership with Cream. Alpha Finance posted an update confirming that Iron Bank and its Alpha Homora V2 product were “safe” following the attack. Yearn Finance also posted an update confirming that its products have not been affected and its team was “assisting Cream with investigation of the exploit.”

Interestingly, the wallet containing the majority of the attacker’s stolen funds received a transaction from a user with the Ethereum Name Service domain oilysirs.eth following the attack. The transaction contained a message that warned the attacker that they “are NGMI” because they “will never be able to cash that amount out.” “NGMI” is a popular meme in the crypto community. It’s typically used as an insult, meaning “Not Going to Make It.”

Following the attack, crypto investor and researcher Adam Cochran noted that Cream’s staked Ethereum 2.0 service is custodial, suggesting that users may be reimbursed for the stolen Cream LP tokens.

The attacker also used the DeFi exchange aggregator ParaSwap to swap tokens like AAVE and PERP for ETH and USDC, and used Ren’s bridge to move over $6 million into BTC.

The total value locked on the protocol has shrunk by 72%, while the price of Cream’s native governance token CREAM has plummeted by around 27%, trading at $114 at the time of writing.

Notably, this isn’t the first time Cream Finance has been hit by a severe attack. The protocol lost $34 million in a similar exploit only in August, though the attacker later returned a portion of the funds. 

Editor’s note: This is a developing story and will be updated as details emerge. 

Disclosure: At the time of writing, the author of this feature owned ETH and xSUSHI. 
