Cream Finance DeFi Platform Suffers $19M Exploit

Cream Finance DeFi platform announced that it lost $19 million in a major security attack. According to the Cream Finance team, the hacker gained $18.8 million by using a reentrancy bug in the AMP token in a set of 17 transactions.

Cream Finance, a major DeFi protocol focused on lending, announced the news on Monday via Twitter. The team said they have stopped the exploit by ceasing supply and borrowing contracts on the AMP token, adding, “No other markets were affected.”

A leading blockchain security firm, Peckshield, highlighted that the hacker exploited the AMP token. He did this by re-borrowing assets during the transfer before renewing the first to borrow in 17 transactions.

To clarify, the security firm stated,

The hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.

In addition, Peckshield said,

The funds are still parked in 0xCE1F….6EDE. We are actively monitoring this address for any movement.

Note that AMP is an Ethereum-based token designed to collateralize payments on the crypto network Flexa. The AMP token contract executes an ERC77-based registry smart contract known as ERC1820.

This attack is amid the increasing number of hacks and exploits among cryptocurrency platforms. The latest one is Bilaxy. Yesterday, Bilaxy issued an urgent notice warning on its official Twitter. The exchange has stated that it has suffered a hack.