Cream Finance Hacked for $130 Million In Another Flash Loan Attack
Decentralized lending protocol Cream Finance has suffered a flash loan attack, losing over $130 million worth of various crypto assets. This was the third successful hack against the popular DeFi project in the past year.
Cream Finance has confirmed it suffered an exploit this Wednesday through a flash loan attack, compromising mostly Cream LP tokens and other ERC-20 coins.
Blockchain security firm PeckShield was the first to identify the attack. Data from blockchain explorer Etherscan shows $132 million was stolen from the C.R.E.A.M v1 marketplace on Ethereum, later sent to two different wallets.
The flash loan involved 68 different assets and cost around 9 ETH in gas. At press time, the attacker now holds $92 million worth of various tokens on its contract, and $22 million are held by the contract creator’s address.
— PeckShield Inc. (@peckshield) October 27, 2021
The price of CREAM plunged -27% minutes after the attack, down from $152 to $111, according to data from CoinGecko.
This is the third time Cream Finance has suffered a security breach this year alone. As CryptoPotato reported on August 30, the lending protocol was hacked through reentrancy on the AMP token contract, losing an estimated $25 million in AMP coins and ERC-20 tokens.
This is not only Cream Finance’s biggest hack – it’s the third-largest in DeFi history, according to some estimations. While Rekt’s leaderboard has not been updated, this hack moves EasyFi’s $59 million exploit to the 4th spot, while Poly Network and Compound remain the leaders of the board.