According to some of the sources, there were a total of seventeen transactions and two attackers involved in the attack.
C.R.E.A.M Finance, a decentralized lending protocol to access financial services, has allegedly lost $25 million in a recent flash loan attack. The protocol suffered an attack on its AMP cryptocurrency pool which was ambushed in the wee hours on Monday, August 30th. The attack on Cream Finance came six months after an earlier hijack on the same open-source, blockchain agnostic protocol.
The community has reported losses suffered in both ETH and AMP pools. Unlike the previous time when the Cream’s native token toppled to 30% in a matter of a few hours, this time the tokens have only stumbled to 6% for now. The last breach half a year ago resulted in $24 Million being stolen in ETH.
Peckshield Inc., one of the leading blockchain security companies in the world, spotlighted the offensive a while ago. Soon after, the Cream community notified the hack on Twitter, stating that the C.R.E.A.M. v1 market on Ethereum was abused through reentrancy on the AMP token contract. The total loss suffered by the team is 418,311,571 AMP and 1308.09 ETH tokens.
Following the news, Cream Finance notified that the attack has been halted by putting the supply and borrow services via AMP on hold. Having said that, they have reassured their customers on Twitter that the other markets have not been compromised.
Flash loan attacks have recently been the center of attention for DeFi systems due to the nuisance caused by them. They are a type of DeFi attack where a cyber thief pulls out a flash loan( a type of uncollateralized lending) from a lending protocol and utilizes it in several kinds of deception tactics to exploit the market. These types of attacks can happen super quickly and can affect large sums of money and assets. Hackers usually use flash loan attacks to influence loopholes in smart contracts. The very essence of flash loans revolves around borrowing, manipulating, and repayment of funds that can be cocooned into one transaction, thus rendering it inexpensive for the thief financially.
According to some of the sources, there were a total of seventeen transactions and two attackers involved in the attack. In March 2020, Cream Finance requested customers to keep a distance from their website as their DNS had been compromised by hijackers.