Cream Finance exploited in blitz lending attack, grossing over $ 100 million – .

Cream Finance exploited in blitz lending attack, grossing over $ 100 million – .

Money Market and Decentralized Finance Loan Service (DeFi) CREAM Finance appears to have been the target of a devastating feat on Wednesday morning that drained more than $ 260 billion in funds, possibly the second biggest feat to date.
According to Cream’s native front-end, most Ethereum-based pools are now empty, with the exception of a $ 40 million CREAM pool. As of October 23, the protocol’s Ethereum markets had $ 300 million in assets.

Cream’s official Twitter account acknowledged the attack in a Tweet:

According to DeFillama, the protocol has an additional locked-in total value of $ 460 million (TVL) on Binance Smart Chain, Polygon, Avalanche and Fantom. It is not known if these funds are also at risk.

The funds appear to have been taken using a flash loan in a particularly complex transaction involving 68 different assets and costing over 9 ETH in gas. Of the $ 260 million lost, the attacker has recouped around $ 130 million in various cryptocurrencies, of which $ 40.6 million may be in illiquid crETH, a staked ETH derivative that may prove difficult to sell for the attacker.

The attacker is now working to ‘wash’ funds primarily using Ren’s Bitcoin bridge. As is often the case with exploits, individuals now use Ethereum transactions to request donations.

A representative for Cream did not respond to a request for comment at press time.

UPDATE (October 27 16:07 UTC): Added TVL information, market size information, and new developments from attacker’s Ethereum address. Removed reference to 3Pool from Curve as a mixer.


Please enter your comment!
Please enter your name here