Cream Finance, a lending and borrowing challenge protocol, was the victim to a hack that wiped out more than $29 million. The hacker took advantage of an implementation flaw in order to add the amp token the protocol. This hack is the second to occur on the platform. Cream lost $ 37.5 millions in February.
Hacking affects Cream Protocol
Cream ProtocolA challenging lending platform that was present on four chains (Ethereum. BSC. Polygon. Fantom) was shut down. To hackMonday’s attack resulted in the theft of $ 29,000,000 in several cryptocurrencies. The protocol introduced an amp token which the attacker used to exploit a bug. According to PeckshieldThe hack was committed by, a data analytics and blockchain security company. PerpetratedYou can use the reentrancy code in the amp’s currency to make a single transaction.
This allowed the hacker re-borrow funds during the transfer, before updating the original loan. The hacker used the exploit 17 times to get 418,311,571 ac (worth $ 25.1 Million) and 1,308.09 electron (worth 4.15 Millions of dollars).(*(). Trails Of Bits was responsible for auditing the platform before it was approved by the security research and consulting firm.Cream
declaredThe exploit was stopped by stopping the power supply from being turned off and borrowing money from the amp. Protocol users were also informed that no other markets had been affected and that they would be submitting a post-mortem report later.Not the first.
Cream has been hacked before. The hacker was able to withdraw $ 37.5million from the platform less than six months earlier. Hackers used a never-before seen version of Alpha Finance, another challenge protocol, to exploit a rounding error in the code, and a whitelist function. The attacker gained control of the funds and took them to Tornado.cash which allows private transactions in Ethereum.
Fortunately, no user funds were compromised during the first hack. This shows that the challenge environment can be very complex and that even small changes in protocol (like whitelisting another platform or adding a currency) can have a significant impact on security in the future.
What do you think about the challenge hacks? Comment below.
Credits for the image
: Shutterstock. Pixabay. Wiki CommonsDisclaimer
This article is only for informational purposes. This article is not intended to be a solicitation or offer to buy or sell any product, service, or business. Bitcoin.comDoes not offer investment, tax, legal, or accounting advice. The author and the company are not responsible for any damage or loss resulting from or allegedly caused in connection to the use or reliance of any content, good, or service mentioned in this article.Source