Harmful actors continue to focus on decentralized financial projects that they want to abuse. On Wednesday, there was an attack on one of the main platforms for providing DeFi loans.
Cream Finance: Flash loan attack
The decentralized Cream Finance credit platform appears to have suffered a serious attack on Wednesday, in which the attacker stole more than $ 100 million worth of funds through a large-scale flash loan attack.
PeckShield, the blockchain data analysis company, was the first to identify the attack on Wednesday. The funds at risk were mainly the tokens of the liquidity provider Cream and other tokens based on Ethereum.
– PeckShield Inc. (@peckshield) October 27, 2021
During a flash loan attack, an attacker abuses vulnerable smart contracts to create his own arbitration opportunity. This is usually done by changing the relative value of the business pair by flooding the contract with its borrowed tokens.
Cream Finance is commonly targeted by attackers, as evidenced by the $ 19 million flash loan hack in August. As reported at the time, the attack was facilitated by a bug in reentrance introduced by the cryptocurrency Amp, an Ethereum-based token designed to secure digital payments on the Flexa platform.
Cream Finance forums appear to have been withdrawn as a result of the attack, although the protocol announced to its followers on Twitter that the flash loan was being investigated. Angry reactions have emerged on Twitter to Cream’s poor performance in protecting users’ resources.
We are investigating an exploit on CREAM v1 on ETH and will share updates as soon as they are available.
– Cream Finance 🍦 (@CreamdotFinance) October 27, 2021
While DeFi was praised for revolutionizing traditional financing and promoting financial inclusion, the industry’s performance in consumer protection is dismal. A comprehensive list of attacks on DeFi reveals 63 abuses as of September 16, with lost funds amounting to about $ 1.2 billion, according to CryptoSec. Cream Finance’s latest exploit would be one of the largest.
This attack was very large. However, there is not much information yet, so if anyone has the resources that have disappeared due to this exploit, be sure to follow the company’s Twitter. Although DeFi is considered a financial revolution, security is also very important and insufficient for many of these credit platforms.