- Cream Finance DeFi announced that it lost $19 million in a major security attack.
- The hacker gained $18.8 million by using a reentrancy bug in the AMP token
Cream Finance DeFi platform announced that it lost $19 million in a major security attack. According to the Cream Finance team, the hacker gained $18.8 million by using a reentrancy bug in the AMP token in a set of 17 transactions.
Cream Finance, a major DeFi protocol focused on lending, announced the news on Monday via Twitter. The team said they have stopped the exploit by ceasing supply and borrowing contracts on the AMP token, adding, “No other markets were affected.”
A leading blockchain security firm, Peckshield, highlighted that the hacker exploited the AMP token. He did this by re-borrowing assets during the transfer before renewing the first to borrow in 17 transactions.
To clarify, the security firm stated,
The hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.
In addition, Peckshield said,
The funds are still parked in 0xCE1F….6EDE. We are actively monitoring this address for any movement.
This attack is amid the increasing number of hacks and exploits among cryptocurrency platforms. The latest one is Bilaxy. Yesterday, Bilaxy issued an urgent notice warning on its official Twitter. The exchange has stated that it has suffered a hack.
- BSC Celebrates 1st Anniversary in Dvision Metaverse
- Elon Musk Marks “Important” DOGE’s Need For More Nodes
- The Highly Anticipated 1.5.0 Update for 1inch DeFi Wallet Is Out Now
- Cool Valley, Missouri Mayor Wants To Give Each Resident $1k in Bitcoin
- Leading Digital Gateway Provider Copper.co Integrates Elrond Network