Cream Finance, a decentralized lending platform, appears to have been the victim of a serious exploit Wednesday. An attacker stole more than $100 million in funds via a large flash-loan attack.
PeckShield, a blockchain data analytics company, first identified the flash loans on Wednesday. The funds compromised were mainly Cream liquidity provider tokens as well as other Ethereum tokens.
— PeckShield Inc., (@peckshield), October 27, 2021
An attacker can exploit vulnerable smart contracts to create an arbitrage opportunity during a flash-loan attack. This is usually done by altering the relative value of a trading pair using their loaned tokens.
Attackers have been targeting Cream Finance regularly, as demonstrated by the $19 million flash loan hack of the protocol back in August. Cointelegraph reported that the attackers were aided by an Ethereum-based token, Amp cryptocurrency. This token is used to secure digital payments on Flexa. According to industry sources, Cream’s total value locked at the time of writing was over $1.5 billion.
Cream Finance TVL. Source: Defillama
Cream Finance’s forums seem to have been taken down in the aftermath of the attack. However, the protocol did inform its Twitter followers that the flash loans are being investigated. There are many angry comments on the Twitter thread about Cream’s poor record in protecting user funds.
We are currently investigating an exploit on C.R.E.A.M. We are currently working on v1 Ethereum and will keep you posted as soon as we have any updates.
Cream Finance (@CreamdotFinance October 27, 2021
Related: Hackers exploit MFA flaw in Coinbase to steal from 6,000 Coinbase users — Report
Decentralized finance (or DeFi) has been widely praised for its ability to revolutionize traditional finance and promote financial inclusion. However, the industry’s record in consumer protection is poor. According to CryptoSec, there were 63 DeFi-related exploits as of September 16, totaling $1.2 billion in lost funds. Cream Finance’s latest exploit would be the largest.
According to Cointelegraph Markets Pro, the value of Cream Finance’s token CREAM fell more than 26% to $115.47.