Cryptocurrency loan service lost $130 million after a hack attack

Cream Finance, an Ethereum powered cryptocurrency lending service, was the victim of a crypto hack this Wednesday. The hackers made away with $130 million in stolen cryptocurrency. The attack exposed weaknesses in the C.R.E.A.M. v1 lending protocol, leading to services being shut down temporarily. This is the third time Cream Finance have been the target of such an attack as hacks targeting DeFi platforms rise. 

The attacker used what is known as a flash loan attack, and it is believed they found an exploit that allowed them to drain the lending pools of the C.R.E.A.M. v1 protocol. A flash loan is a type of unsecured cryptocurrency loan – an immediate loan that requires no collateral to take out. 

Cream Finance confirmed the exploit on Twitter, stating: “We are investigating an exploit on C.R.E.A.M. v1 on Ethereum and will share updates as soon as they are available.” They followed up later that day in another Twitter thread, explaining that the lending markets of C.R.E.A.M. v1 were targeted, and that $130 million worth of tokens had been removed from these markets. 

The team assured that the exploit that resulted in the hack had been patched, but that the C.R.E.A.M. v1 lending markets would remain paused while a post-mortem review was conducted. 

Cream Finance Hacks 

This attack is the third time DeFi loan platform Cream Finance has been the target of cryptocurrency hacks. This particular attack is the most significant and costly to target Cream Finance specifically, but is also one of the largest exploits to ever occur to a DeFi platform. 

In February this year, Cream Finance was the target of its first crypto hack in which hackers stole $36 million in another case of a flash loan attack. This time around, the hackers targeted the Iron Bank – Cream’s protocol-to-protocol lending platform. 

Again, in August this year, Cream received its second crypto hack when a bug was introduced after adding the Amp cryptocurrency token to the platform. The bug allowed the hacker to repeatedly borrow assets in the same transaction. This allowed the hacker to get away with $25 million in amp tokens, as well as $4 in Ethereum. 

Crypto Hacks 

DeFi platforms are quickly becoming a profitable platform of attack for crypto hackers, bringing into question how secure these DeFi platforms actually are. As crypto identity grows and becomes more prominent in global finance, hackers look more towards crypto platforms as bountiful targets. 

This particular attack on Cream Finance is the third largest DeFi hack to ever take place. The current record is held by DeFi platform Poly Network, who were the victim of an attack that cost them $600 million in cryptocurrencies.