Hackers have stolen about $130 million worth of cryptocurrency assets from Cream Finance, by exploiting a bug in their flash loaning system to siphon away all Ethereum-based tokens on the platform.
This is Cream Finance’s third hack this year alone. The decentralized finance (DeFi) platform allows users to loan and speculate on cryptocurrency price variations.
The latest incident was first detected by blockchain security firms PeckShield and SlowMist, before it was confirmed by the Cream Finance team.
“Our Ethereum C.R.E.A.M. v1 lending markets were exploited and liquidity was removed on October 27, 1354 UTC….No other markets were impacted,” shared Cream Finance on Twitter.
Repeat victims
Before today’s incident, Cream Finance had suffered million dollar heists earlier in the year, losing $37 million in February, and another $29 million in August.
Interestingly, all attacks were flash loan exploits, which reportedly has emerged as one of the most common ways hackers use to break into DeFi platforms over the past two years.
According to a report by CipherTrace, DeFi related hacks have accounted for 76% of all major hacks in 2021, resulting in users losing cryptos worth more than $474 million.
Cream Finance patched the bux within hours of the theft. However, The Record believes that even though the attacker’s initial wallet has been identified, the funds have already been moved to new accounts, and there’s little chance of the stolen crypto being traced and returned to the wallets of the victims.
