Crema DeFi hacker returns $8 million in stolen funds, awarded a $1.68 million bounty

Decentralized Finance (DeFi) company Crema and a hacker who attacked the platform over the weekend have reached an agreement that will see a majority of the stolen funds returned in exchange for a $1.68 million bounty.

In a series of tweets over the July 4 weekend, the company explained that the hacker used several novel tactics enabling them to take out six flash loans, a common tactic of DeFi attackers. 

In total, the hacker stole 69,500 SOL, which is worth about $2.3 million, and stablecoins worth about $6.5 million for a total of $8.8 million at the time.

Crema officials sent a message to the hacker on July 3, offering them $800,000 in exchange for the return of the stolen funds. 

“Your addresses on both Solana and Ethereum, have been blacklisted and all eyes are on you right now. You have 72h from now to consider becoming a white hat and keeping $800k as the bounty,” the company said in a note to the hacker. 

“And transfer remaining funds back to our contract-update-authority address. Otherwise the police and legal force will officially get involved and there will be endless tracing waiting for you.” 

On Wednesday, the company said on Twitter that it had begun negotiating with the hacker and ended up agreeing to a deal in which the hacker kept 45,455 SOL – worth about $1.68 million – in exchange for the return of 6,064 ETH and 23,967.9 SOL, amounting to $8.3 million as of Thursday.

The company thanked incident responders at TRM Labs and several other security researchers for their help in responding to the incident. 

The deal resolved yet another hack affecting a DeFi platform. Blockchain analysis firm Chainalysis said at least $2.2 billion was stolen from DeFi protocols in 2021. 


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.