C.R.E.A.M. Finance Faces $18,000,000 Flash Loan Attack on Ethereum

C.R.E.A.M. Finance Faces $18,000,000 Flash Loan Attack on EthereumC.R.E.A.M. Finance endures latest exploit to hit DeFi only days after elaborating on prospective lending products on Binance Smart ChainC.R.E.A.M. Finance Suffers Blow

C.R.E.A.M. Finance has become the latest lending protocol to suffer a considerable flash loan attack. It appears the episode concerned the AMP token contract that implements ERC77-based ERC1820. 

Through Etherscan, BSC.News has ascertained that a flash loan attack of over $18 million has been carried out on C.R.E.A.M. Finance on August 30th at 05:44:47 AM UTC.

“C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract,” the protocol confirmed hours later via tweet. “We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected.”

The attack comes after C.R.E.A.M. Finance Co-Founder Leo Cheng spoke to BSC News about how innovation requires his team to push the boundaries and explore the edges of capital efficiency, but this line of work requires discipline. Although you want to build what everybody is after, you need to be conscious of safety and security, especially when personal assets are involved, Cheng explained. 

C.R.E.A.M. Finance Faces ,000,000 Flash Loan Attack on EthereumSource

What is a ‘Flash Loan Attack’?

What C.R.E.A.M. suffered can be classified as a flash loan attack. Flash loan attacks are a type of Decentralized Finance (DeFi) attack where a cyberthief takes out a flash loan (a form of uncollateralized lending) from a lending protocol and uses it in conjunction with various types of gimmickry to manipulate the market in their favor.

C.R.E.A.M. confirmed that Peck Shield assisted in the recovery effort and that a post-mortem is on the way.  Peck Shield confirmed some of what they know in some follow-up tweets around 08:00 UTC August 30th. 

“The hack is made possible due to a reentrancy bug introduced by $AMP, which is an ERC777-like token and exploited to re-borrow assets during its transfer before updating the first borrow,” the tweet states.

The hacker flash loaned 500 ETH to borrow up to 19Million AMP tokens. Those 19 million tokens can then be used to exploit the reentrancy bug to borrow a further 355 ETH before the completion of the $AMP token transfer. The hacker is able to liquidate the 355 ETH for a sweet profit.

C.R.E.A.M. Finance Faces ,000,000 Flash Loan Attack on EthereumSource

Rinse and repeat seventeen times for a total of 5.98K ETH. Peck Shield knows the account that has the funds and is monitoring the situation.

We’ll be sure to update the community with a take once we have the full report. 

What is C.R.E.A.M. Finance?

Cream Finance describes itself as a decentralized lending protocol for individuals, institutions, and protocols to financial services. Part of the Yearn Finance ecosystem, Cream Finance is a permissionless, open-source, and blockchain agnostic protocol serving users on Ethereum, Binance Smart Chain, Polygon, and Fantom. 

Users who passively hold Ether or wBTC can deposit their assets on Cream to earn yield, similar to a traditional savings account. 

Where to find C.R.E.A.M. Finance:

Website | Twitter | Medium |

This is a paid Ask Me Anything (AMA), BSC.News does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. The project team has purchased this advertisement AMA for $2000 Readers should do their own research before taking any actions related to the company. BSC.News is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the AMA.Overall it is vital to proceed with caution when purchasing tokens that have just been listed. For those who have not already read our articles on safety in the BSC it is crucial to reference the following items, HERE and HERE.This is a paid press release, BSC.News does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. The project team has purchased this advertisement article for $2500. Readers should do their own research before taking any actions related to the company. BSC.News is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release.Overall it is vital to proceed with caution when purchasing tokens that have just been listed. For those who have not already read our articles on safety in the BSC it is crucial to reference the following items, HERE and HERE.This is a paid press release, BSC.News does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. The project team has purchased this advertisement article for $2000. Readers should do their own research before taking any actions related to the company. BSC.News is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release.

原创文章,作者:链比特,如若转载,请注明出处:https://btc.cheshirex.com/?p=76338

发表评论

登录后才能评论