Ethereum defi protocol Cream Finance yesterday suffered an exploit that allowed attackers to steal $130 million of its holdings. The news was first revealed by Peckshield, a blockchain analytics firm that discovered that a quick loan had exploited the platform. This is the third hack that the protocol has suffered in its history, having been exploited for $36 and $29 million before, respectively.
Funding cream hacked again
Careem Finance, an Ethereum-based lending and borrowing protocol, has suffered an exploit that allowed hackers to steal $130 million worth of ether and ERC-20 tokens. according to slowThe blockchain security organization, the attack logged 2,760.22 ether and 60 tokens including HBTC, USDT, BUSD, and others. The attack was carried out in the form of a series of quick loans in a very unorthodox manner, leading some to believe that the hacker was an experienced developer.
Another blockchain security company, Peckshield, broke the news, linking to the rapid loan that caused the hack via Twitter. The company assumed that the attack was possible due to a bug in the price oracle. Karim team quickly I acknowledge status, informing users of the hack. They also mentioned:
With the help of friends from Yearn Finance and others in the community, we were able to identify and fix vulnerabilities. In the meantime, we have paused our lending marketplaces from version 1 on Ethereum and are in the process of compiling a post-mortem review.
Since then, the Careem Finance team has tried to contact the hackers, offering to give them 10% of all the tokens they lost. This is a well-known strategy that has paid off for some protocols that have been exploited in the past. However, no response was received.
The exploit carries a vague message that seems to point in the direction of being an anti-protocol action. The message, which also mentioned other protocols, read:
gÃTµ Baave lucky, iron bank lucky, cream no. ydev: Bad incest, don’t.
This is not the first time that the cream has been used. The protocol has a rather poor track record, having been exploited three times during this year. The first time, in February, Protocol Iron Bank lost $36 million in another quick loan attack. After that event, Cream Finance was hacked again in August, when one of the exploits caused losses of $29 million.
What do you think of Cream Finance’s latest exploit and the strange circumstances surrounding it? Tell us in the comments section below.
photo credits: Shutterstock, Pixabay, Wikicommons
disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the Company nor the author shall be liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.