Cryptocurrency lending platform implodes in $ 130 million hack


The CREAM Finance crypto lending service was the target of a hack that stole more than $ 130 million on Wednesday. This is not only one of the biggest heists ever targeted on a so-called “decentralized finance” (DeFi) platform, but also the third of those hacks targeting CREAM, demonstrating the risks inherent in the industry. boom in crypto lending.

CREAM has been the target of what is called a flash loan attack. Flash loans are unsecured cryptocurrency loans structured so that they have to be repaid instantly using smart contracts, which makes them attractive for things like arbitrage between exchanges. If the loan is not repaid, this never happens, as both occur in the same transaction.

Social media analysts who looked into the details of the attack suggested the hacker had exploited CREAM in a incredibly complex transaction for a flash loan that ultimately allowed the hacker to drain CREAM’s Ethereum-based loan pools, resulting in a gain of around $ 130 million in various tokens. The attack cost the hacker around 9 ETH in network fees, or around $ 36,000.

The attacker left a bizarre message in the transaction text: “gÃTµ Baave lucky, iron bank lucky, cream not. ydev: incest bad, don’t do.” Aave is a competing crypto lending platform, while Iron Bank is a protocol-to-protocol lending service founded by CREAM, which also calls it CREAM v2. According to CREAM, its v1 loan service was targeted. In a Wednesday tweet thread, the platform claimed that the vulnerabilities that enabled the hack have since been addressed.

“We apologize to our users and our community for this unfortunate incident and thank you for your support,” CREAM tweeted.

The platform has been the victim of hackers in the past. In August, $ 18.8 million was stolen from CREAM in a flash loan attack, The Bloc noted, and even earlier, in February, $ 37.5 million was stolen via CREAM by similar means.

The CREAM hack demonstrates the acute risks that accompany crypto lending, which is an emerging industry encompassing billions of dollars in value. The basic idea is similar to a savings account with a bank, where you deposit money which the bank then lends to customers and earns you interest. Likewise, CREAM and other services allow users to put their crypto into a pool that will be loaned by the platform in exchange for interest, which is usually much higher than that offered by a bank. It is important to note that while the funds you place in a bank are insured by the federal government, the funds you place in a crypto platform are not.

Crypto lending services have recently come under fire from US regulators. This year, regulators from three different states ordered BlockFi to shut down because it offered unregistered titles, officials said. Leading US-based crypto exchange Coinbase also planned a loan offer, but abandoned it after the The Securities and Exchange Commission threatened to sue the company if it introduced the product.

Over the past year, CREAM, which stands for “Crypto Rules Everything Around Me” in homage to the classic Wu-Tang Clan track, has attempted to generalize its offerings. He even released a theme song featuring Method Man, which appears at the start of the video shouting “Ayo, this is Method Man and this is not financial advice.”

CREAM Finance did not respond to Motherboard’s request for comment.

Leave A Reply

Your email address will not be published.