Cream Finance Suffered $25 M Flash Loan Attack

by in DeFi News

DeFI hack Cream Finance

Cream Finance Suffered $25 M Flash Loan Attack

Decentralized lending and yield farming network Cream Finance’s v1 market on Ethereum chain suffered a flash loan attack today. The platform informed about the exploit via twitter, posting that it resulted in a loss of 418,311,571 in algorithmic stablecoin AMP tokens and 1,308.09 in ETH.

The Cream Finance team informed users that they halted the supply and borrowing on AMP. Other markets didn't suffer from the hack.

Trending: MetaMask announces integration with Apple Pay

The attacker's address was found out by blockchain security and data analysis company PeckShield. As Etherscan shows, the address currently holds $18.8 M.

PeckShield monitors the movements of the account. It was discovered that the exploit was made possible via the reentrancy vulnerability produced by AMP. First, the attacker borrowed 500 Eth through a flash loan and deposited the amount as collateral. Next, he borrowed $19 M AMP at the same time reborrowing 335 Ethers in AMP token transfer. Thus, the attacker managed to self-liquidate the loan.