Cream Finance has lost over $34 million in cryptocurrency after a cyberattacker exploited a vulnerability in the project’s market system.
- T-Mobile hack: Everything you need to know
- Surfshark VPN review: It’s cheap, but is it good?
- The best browsers for privacy
- Cyber security 101: Protect your privacy
- The best antivirus software and apps
- The best VPNs for business and home use
- The best security keys for 2FA
- The ransomware threat is growing: What needs to happen to stop attacks getting worse? (ZDNet YouTube)
The decentralized finance (DeFi) organization is the developer of a lending protocol for individuals, with yields on offer for some cryptocurrency stakes. Assets on the platform include Ethereum (ETH), the AMP token, CREAM token, USDT, and COMP.
Cream said an attacker managed to exploit a vulnerability on August 31, leading to the theft of 462,079,976 in AMP ($24.2m) tokens and 2,804.96 ETH tokens ($9.9m), according to an update posted on September 1.
At current prices, this amounts to over $34 million.
“While unfortunate and disappointing, we take ownership of the error,” the developers say.
Cream is now working with law enforcement to try and trace the attacker — or, attackers, as the platform says a “copycat” was also in play at the time of the main attack. The second individual has a transaction history with Binance.
The organization has paused AMP supply and borrow functions until a patch can be deployed. The stolen ETH and AMP will be replaced, with 20% of protocol fees now earmarked to repay customers.
Cream says that if the attacker is willing to return the stolen cryptocurrency, they can keep 10%, without any consequences as a form of bug bounty payment. However, if others are able to provide a lead on the identity of the cyberattacker leading to their arrest and/or prosecution, 50% of the value of the stolen funds is on offer. as a reward
If neither offer is successful, “we will forward all relevant information to law enforcement authorities and prosecute to the fullest extent of the law,” the company says.
This is not the first time Cream has fallen foul of a cyberattack. In February, the platform lost $37.5 million due to a flash loan exploit made via IronBank.
Earlier this month, DeFi platform Poly Network said an attacker exploited a vulnerability in the platform to siphon away roughly $610 million in cryptocurrency, including BSC and ETH. The thief has since returned the funds and is signed off as “Mr. White Hat” in Poly blog posts.
The company has returned assets to its rightful owners and is currently in the process of restoring cross-chain services.
Previous and related coverage
- New global DeFi adoption index finds US, Vietnam, China, UK and India leading the way
- Hacker returns more than $260 million in cryptocurrency after Poly attack
- Compounder Finance DeFi project allegedly pulls the rug from under investors, $11 million stolen
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0