Ethereum-based liquidity pools on C.R.E.The.M Finance were drained by an attacker which led to $115 million leaving the platform; this can make the C.R.E.The.M Finance exploit the third-largest DeFi attack in DeFi history based on the Rekt leaderboard, which tracks and ranks the full total value lost in a variety of DeFi hacks.
We have been investigating an exploit on C.R.E.The.M. v1 on Ethereum and can share updates the moment they are accessible.
Cream Finance (@CreamdotFinance) October 27, 2021
Based on the DeFi data aggregator DeFi Lama, there is approximately $1.06 billion locked inside C.R.E.The.M Finances ETH-based liquidity pools prior to the period of the attack. However now, when you verify the markets page on the C.R.E.The.M Finance website, you will discover that a lot of of its ethereum-dependent pools have zero liquidity. Following the hacker drained the liquidity pools, they delivered $92 million to 1 address and $23 million to another address.
The attacker, who remains unknown, could drain the liquidity pools by using a flash mortgage attack. A flash mortgage attack will be when an attacker removes a loan in one DeFi platform or company and utilizes the borrowed cash to interact with clever contracts in a manner that manipulates prices of DeFi tokens within their favor in order to subsequently drain a tasks liquidity swimming pool at prices favorable in their mind.
PeckShield Inc. (@peckshield) October 27, 2021
The C.R.E.A.M Financing exploit was complicated and needed the attacker to transfer 68 different tokens with their personal wallet from many special locations. The attack has been so huge, that it costs the attacker 9.16 Ether in transaction fees roughly $36,700 by press period to execute the attack on-chain.
By press period, the hacker is wanting to launder the amount of money by delivering it to providers and platforms that obfuscate deal history by mixing user transactions collectively before redistributing the jumbled money.
Two exploits in 8 weeks
This isnt the 1st time that C.R.E.The.M finance has already been exploited, in August, C.R.E.The.M finance was exploited for $18.8 million by using a flash mortgage attack.
1/4 @CreamFinance was exploited in (1 hack tx: https://t.co/JPW7e368qd), resulting in the gain of ~$18.8M for the hacker.
PeckShield Inc. (@peckshield) August 30, 2021
Flash loans continue being a popular solution to exploit DeFi platforms and agreements. It is hard for platforms to safeguard against these kinds of attacks because exploits dont need attackers to breach the machine they’re attacking. Instead, they might need the attacker to possess advanced understanding of the machine in a manner that lets them understand how their actions using one finish of the platform or an external platform, influence the areas of the platform they’re exploiting.
This most recent C.R.E.The.M Financing exploit is a growing story, and the C.R.E.The.M Finance group says they’ll be sharing updates the moment they are accessible.
FollowCoinGeeks Crypto Crime Cartelseries, which delves in to the blast of groupsa fromBitMEXtoBinance,Bitcoin.com,Blockstream,ShapeShift,Coinbase,Rippleand
Ethereumwho’ve co-opted the electronic asset revolution and turned the right into a minefield for nave (and also experienced) players on the market.
Not used to Bitcoin? Have a look at CoinGeeksBitcoin for novicessection, the best resource guide to find out more about Bitcoinas initially envisioned by Satoshi Nakamotoand blockchain.