Cream Finance loses $25M in second flash loan attack this year


CREAM Finance, the decentralized finance (DeFi) lending platform, lost $25 million in a flash loan attack this year which is the second attack in the past six months.
PeckShield Inc., the blockchain security company, first broke the news of this attack on Twitter by citing data from Etherscan. Cream confirmed the exploit shortly that resulted in a loss of 418,311,571 in AMP and 1,308.09 in ETH.
These amounts combined is roughly worth $25 million at today’s exchange rates. Since the news broke out, AMP has suffered by falling to almost 15%. However, Ethereum remains unaffected at around $3,200.
CREAM immediately stopped the supply and borrowing on AMP. The initial investigation carried out with the help of PeckSheild claims that the exploit occurred through reentrancy on the AMP token contract.
The first attack:
Cream had experienced a similar flash loan attack in February this year. In the first attack, CREAM lost almost $37.5 million worth of cryptocurrency. Specifically, it lost 13,200 wETH, 3.6 million USDC, 5.6 million USDT, and 4.2 million DAI.
The funds were exploited through Alpha Hamora which is an Ethereum protocol for leveraging a users position in yield farming pools. Alpha Labs proceeded to work with Andre Cronje, YFI founder and Cream Finance carry out investigation for the stolen funds. At that time, a prime suspect was identified.
Despite experiencing two flash loan attacks in a short span of six months, CREAM has been developing steadily. In june, Cream Finance was launched on the Polygon blockchain network to lower gas fees, facilitate faster transactions, and access to different markets for its users.

Rushali Das
CBW - External Analyst
INDIA