Cream Finance is a cryptocurrency-focused lending platform that allows both retail and institutional stakeholders to lend and borrow. Recently, the platform was targeted by a hacker who took off with a massive amount by taking advantage of a small technical bug on the network. The Cream Finance team is suffering from a $29 million loss as a result of the hack.
The users who have cryptocurrency can use this forum to lend it against the crtoken. This token is representative of the total amount of interest that a lender can earn from staking. The users who want to borrow do not need to go through any third-party authentication, present any collateral, or share their credit score for borrowing virtual currencies.
Hacker Exploited Bug to Steal Crypto Assets
PeckShield is a smart contracts cyber security consultant that worked on the matter of the Cream Finance hack. The firm noted in the first response report that the platform uses ERC-1820 token that is based on the ERC-777 token protocols. As per the IT experts, this type of token use makes the platform susceptible to reentrancy bugs.
The reentrancy is a process where any number of authoritative protocols can run on the same loop on a singular processing unit. To take advantage of the bug, the hacker drew a flash loan valued at 500 ETH tokens. By definition, this type of loan does not require any collateral. The hackers then used the borrowed tokens to deposit as collateral for borrowing 19 million AMP tokens. AMP tokens are a ConsenSys-pegged virtual surety.
The report submitted by PeckShield reveals that the hacker went on to borrow another 355 ETH before self-liquidating the loan. He then kept repeating the process until the DApps allowed him to extract the funds without any obstacles. The hacker got away with 41.8 million AMP tokens, in addition to the 1308 ETH tokens. At the current market value, this much ETH is worth $25 million.
The management of Cream Finance has stopped the main operations for the time being. Its native token went down by 4.8% since the hack and currently trading for $167 per unit. At present, the Cream Finance management is investigating the attack and planning to come up with better ways to compensate its users.