Cream Finance, a defi-credit and credit log, was the victim of a hack that wiped more than $ 29 million from its vaults. The attacker took advantage of a loophole in the implementation to add the amp token to the protocol. This is the second time the platform has been involved in a hack. The first injury occurred in February when Cream lost $ 37.5 million.
Cream Protocol suffers from hack
Cream Protocol, a defi-lending borrowing platform that operates on four different chains (Ethereum, BSC, Polygon and Fantom), suffered a hack on Monday that resulted in a loss of $ 29 million in multiple cryptocurrencies. The attacker took advantage of a bug caused by the introduction of the amp token into the log. According to Peckshield, a blockchain security and data analytics company, the hack was carried out in just one transaction, exploiting a reentry bug in the Amp currency code.
This allowed the hacker to re-borrow assets during the transfer before updating the first loan. The exploit was repeated 17 times and allowed the hacker to get hold of 418,311,571 amps (valued at $ 25.1 million) and 1,308.09 Ethereum (valued at $ 4.15 million). The platform had been tested by Trails Of Bits, a cybersecurity research and consultancy firm, prior to the inclusion of the Amp token.
Cream stated that it stopped the exploit by pausing supplies and borrowing the amp. The log also informed users that no other markets were affected and were expected to offer an autopsy report at a later date.
Not the first time
This is not the first time Cream has been hit by a hacking incident. Less than six months ago, the platform was also hit by a hack that allowed the attacker to withdraw $ 37.5 million. The hack took advantage of an unpublished version of a contract from Alpha Finance, another defi protocol, a rounding miscalculation in the code and a whitelisting function. After the attacker took control of the funds, he took them to Tornado.cash, a protocol that enables private transactions in Ethereum.
Fortunately, no user funds were affected in this first hack. However, it shows that the Defi environment is very complex and that even a small change to the protocol (like adding a currency or whitelisting another platform) can have a big impact on security in the future.
What do you think of defibrillator-related hacks? Let us know in the comments section below.
Photo credit: Shutterstock, Pixabay, Wiki Commons
Disclaimer of liability: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement for any product, service, or company. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author are directly or indirectly responsible for any damage or loss caused or allegedly caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.