Hacker of Cream Finance Returns Stolen Funds worth $17.6M


Cream Finance’s hacker sent 5,152.6 ETH to Cream Finance's multi-sig wallet that they had stolen last month.
Cream Finance received a payback from unknown hackers who returned 90% of the stolen funds. The news broke as PeckShield, a blockchain security and data analytics firm, tweeted, “#FundReturn @CreamdotFinance hacker just returned 5,152.6 ETH.”
On Wednesday, Cream Finance controls received 5,152.6 ETH, which is worth $17.6 million from the hacker’s address. However, it still remains unclear as to why the hacker decided to return the stolen funds.
Cream Finance allows its users to lend and borrow a wider range of assets. Yesterday, it added support for popular NFT tokens such as Axie Infinity, Yield Guild, and Rarible. With this addition, Cream Finance became the first DeFi protocol to support AXS and YGG tokens as it tweeted, “The first step in building bridges between DeFi and NFTs is to create greater capital efficiency for their tokens through borrowing/lending opportunities.”
However, a hacker attacked the AMP Token market on August 30 that was listed on the DeFi protocol. The attacker took the help of a reentrancy bug that allowed it to get multiple high-value flash loans. This enabled the hacker to move funds out of the contract.
The CREAM Finance had released a post-mortem report for this incident on medium titled “C.R.E.A.M. Finance Post Mortem: AMP Exploit”. According to this report, Cream Finance had incurred a loss of 2,804.96 ETH and 462,079,976 AMP tokens that was valued at $34 million at the time. After the attack, the hacker traded the stolen AMP tokens. This left the wallet with 5,758 ETH.
“If the main exploiter is willing to send back the stolen funds, we will honor our normal 10% bug bounty and allow the exploiter to keep 10% of the funds as a bug bounty.” was written in the report.

Rushali Das
CBW - External Analyst
INDIA