Leading DeFi lending protocol hacked (again)
Cream Finance has once again been the victim of a malicious hack as bad actors drained $130 million in funds from the protocol’s wallets in the last 24 hours. The hack was first identified by blockchain analytics firm PeckSheild, who discovered a large flash loan transaction that the hackers used to exploit the Cream Finance platform. The hackers used a flash loan transaction to abuse a flaw in the smart contracts, allowing them to systematically empty certain wallets.
The hackers zoned in on the Cream LP tokens as well as various Ethereum based ERC-20 tokens. According to data, the hackers moved $92 million worth of funds into one address and $23 million into another address. Additionally, transferring funds to other addresses. It now appears that the attackers have moved the funds to different wallets. Following the incident, the price of Cream token dived, from $152 to $111 in minutes, representing a 37% drop in the last 24 hours.
This is the third time Cream Finance has been hacked in 2021. In February, they lost $37.5 million after hackers exploited a vulnerability in instant or flash credit technology. In August, the decentralized finance protocol also lost $18.8 million after unknown hackers drained funds through flash loans exploits by introducing a reentrancy bug to the AMP token.
Cries for investor protection
Alarmingly, this is not an isolated case with hacks in the DeFi ecosystem accounting for nearly 76% of all major hacks worldwide in 2021 so far, according to a report by security firm AtlasVPN. The report claims fraudsters are targeting these high-value contracts with fake projects. A total of $361 million has been lost in DeFi hacks compared to $129 million last year, according to the report. Moreover, these are just hacks. If we take into account rug pulls then the figure jumps to almost half a billion dollars in 2021 alone.
The biggest DeFi hack this year happened in May when PancakeBunny, a Binance Smart Chain protocol, suffered a flash loan exploit that led to $45 million worth of crypto assets being drained from the platform. The attacker then sold BUNNY tokens for BNB, deflating the price of BUNNY tokens from $146, down to $6. The long-term result was BUNNY is now worth around $3 and needless to say the community has lost faith in the platform.
Despite what most see as the year of NFTs, the appetite for DeFi is once more reiterated by the rising total value locked in Ethereum DeFi protocols over the last 12 months. This time last year TVL in Ethereum DeFi was just $11 billion, today it stands at over $150 billion.
High-growth industries bring opportunities for both honest and dishonest people, and blockchain is no different. For every ten honest investors, there may be one fraudster. While regulation debates rage it’s up to the community that started this all to protect users. Look out for each other and prompt those newer to the space to be careful and research. Blockchain tribalism is still stronger than ever according to our latest DeFi Whale Report. However, one thing nobody can argue with is that whatever chain, dapp, or service investors choose to use – there should be a level of protection.
The above does not constitute investment advice. The information given here is purely for informational purposes only. Please exercise due diligence and do your research. The writer holds positions in ETH, BTC, ADA, MATIC, SAFEMOON, HEX, LINK, GRT, CRO, OMI, USDT, SOL, SHIBA INU, AVASTR, RAY, BOSON, AND OCEAN