Technology

Hackers steal $29 million from crypto-platform Cream Finance

Hackers are estimated to have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.

The company confirmed the hack earlier today, half an hour after blockchain security firm PeckShield noticed signs of an ongoing attack.

Cream Finance said the hacker used a “reentrancy attack” in its “flash loan” feature to steal 418,311,571 in AMP tokens (estimated at around $25.1 million at the time of the hack) and 1,308.09 in ETH coins (estimated at around $4.15 million).

The term “flash loan” refers to a contract (script) that runs on the Etherium blockchain that allows Cream Finance users to take quick loans from the company’s funds and then return them at a later date.

Reentrancy attacks take place when a bug in these contracts allows an attacker to withdraw funds repeatedly, in a loop, before the original transaction is approved or declined or the funds need to be returned.

PeckShield and Tal Be’ery, the cofounder of cryptocurrency wallet app ZenGo, confirmed that the Cream Finance hacker exploited a bug in the ERC777 token contract interface that’s used by Cream Finance to interact with the underlying Etherium blockchain.

Be’ery told The Record today that ERC777 has enabled several reentrancy attacks on DeFi online services, which keep relying on the feature despite its history of bad implementations, bugs, and hacks.

The ZenGo cofounder also told The Record that DeFi services need to develop or implement a firewall-like system for their platforms in order to filter malicious requests to their underlying contracts, which are the backbone of their services and the targets of most of these hacks.

DeFi related hacks have accounted for 76% of all major hacks in 2021, and users have lost more than $474 million to attacks on DeFi platforms this year, according to CipherTrace. Most of the attacks on DeFi protocols employed flash loans, the company said in a report released earlier this month.

Similarly, DeFi hacks also made up 21% of all the 2020 cryptocurrency hacks and stolen funds after being almost inexistent a year before, in 2019, the company said in a report last year.

This trend of hackers targeting DeFi platforms can be explained by the fact that the cryptocurrency ecosystem is highly unregulated, security is almost an afterthought, and many platforms fail at implementing their underlying technical base, many running buggy contracts (scripts) that can be easily abused by anyone with knowledge of cryptography and C and C++ coding.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

Dems want FTC to investigate Apple and Google for privacy harms made worse Post-Roe

Both companies use unique tracking identifiers in their popular Android and iOS mobile operating systems…

2 days ago

Hacker selling access to 50 vulnerable networks through Atlassian vulnerability

A hacker is selling access to 50 vulnerable networks on a cybercriminal forum after breaking…

2 days ago

Ransomware groups targeting Mitel VoIP zero-day

Ransomware groups are targeting a zero-day affecting a Linux-based Mitel VoIP appliance, according to researchers…

2 days ago

House panel approves major cash infusion for CISA

House appropriators on Friday voted in favor of a $2.9 billion budget for the Cybersecurity…

2 days ago

FTC finalizes order over CafePress security issues

The online sales platform had a major breach in 2019 and tried to cover it…

2 days ago

US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack

Japanese automotive hose giant Nichirin was forced to pause production this week after a US…

2 days ago