MOSHED-2022-7-5-13-37-28 (1)

Nearly $9 million stolen from DeFi platform Crema Finance

Decentralized finance platform Crema Finance announced that it was hacked on Saturday and had about $8.8 million stolen during the attack. 

In a series of tweets over the July 4 weekend, the company explained that the hacker used several novel tactics enabling them to take out six flash loans, a common tactic of DeFi attackers. 

The company said it is now working with law enforcement and blockchain security companies to trace the stolen funds. In total, the hackers stole ​​69,500 SOL, which is worth about $2.3 million and stablecoins worth about $6.5 million. 

It sent a message to the hackers, offering them $800,000 in exchange for the return of the stolen funds. 

"Your addresses on both Solana and Ethereum, have been blacklisted and all eyes are on you right now. You have 72h from now to consider becoming a white hat and keeping $800k as the bounty,” the company said in a note to the hacker. 

“And transfer remaining funds back to our contract-update-authority address. Otherwise the police and legal force will officially get involved and there will be endless tracing waiting for you.” 

Several blockchain security companies showed that the hacker conducted the exploit by uploading a malicious on-chain program which could then be used to deploy multiple flash loan attacks. 

Flash loan attacks are when a hacker uses a fast, uncollateralized loan to target vulnerabilities in a project's design.

Flash loan attacks have become one of the most popular ways hackers target DeFi platforms. In April, hackers stole $11.2 million worth of Binance Coin from DeFi platform Elephant Money. 

Cream Finance was hit with three different flash loan attacks in 2021, costing the DeFi platform $130 million in October$37 million in February and another $29 million in August.

Blockchain analysis firm Chainalysis said at least $2.2 billion was stolen from DeFi protocols in 2021. Last month, the Ronin Network announced that hackers stole more than $500 million worth of cryptocurrency, making it one of the largest attacks ever. 

Ronghui Gu, co-founder of crypto security firm CertiK, told The Record that the flash loan attack used by the hacker in this incident was specific and surprising in many ways. 

“This kind of complicated exploit highlights the constantly shifting frontier of crypto security,” Gu said.

“This is a reminder that hackers are always finding new ways to use old tricks, and for web3 to become a truly secure ecosystem, it requires both the web3 security industry and projects themselves to get better at anticipating, not just responding to, attacks.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.