Cream Finance Suffered $25 M Flash Loan AttackDecentralized lending and yield farming network Cream Finance’s v1 market on Ethereum chain suffered a flash loan attack today. The platform informed about the exploit via twitter, posting that it resulted in a loss of 418,311,571 in algorithmic stablecoin AMP tokens and 1,308.09 in ETH.
C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract.— Cream Finance 🍦 (@CreamdotFinance) August 30, 2021
We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected.
The Cream Finance team informed users that they halted the supply and borrowing on AMP. Other markets didn't suffer from the hack.address currently holds $18.8 M.
PeckShield monitors the movements of the account. It was discovered that the exploit was made possible via the reentrancy vulnerability produced by AMP. First, the attacker borrowed 500 Eth through a flash loan and deposited the amount as collateral. Next, he borrowed $19 M AMP at the same time reborrowing 335 Ethers in AMP token transfer. Thus, the attacker managed to self-liquidate the loan.