Your hacker Blog

Threat actors stole $19 million worth of crypto assets from Cream Finance

Crooks have stolen more than $19 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform.

Threat actors have stolen more than $19 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform.

C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. It promises earnings to users who are passively holding ETH or wBTC.

The security breach was confirmed by the company with a message via Twitter:

C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract.We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected.— Cream Finance (@CreamdotFinance) August 30, 2021The blockchain security firm PeckShield first spotted the attack and published a series of Tweets containing evidence of the security breach.

1/4 @CreamFinance was exploited in (one hack tx: https://t.co/JPW7e368qd), leading to the gain of ~$18.8M for the hacker.— PeckShield Inc. (@peckshield) August 30, 2021According to Cream Finance, attackers conducted “reentrancy attack” in its “flash loan” feature to steal 418,311,571 in AMP tokens and 1,308.09 in ETH coins.

“The AMP token contract implements ERC77-based ERC1820, which has the _callPreTransferHooks for reentrancy. Thank you @peckshield for assisting with this investigation.” states the DeFi platform.

Reentrancy attacks consist in withdrawing funds repeatedly before the original transaction is approved or declined.

According to PeckShield the attackers exploited a bug in the ERC777 token contract interface implemented by Cream Finance to interact with the Etherium blockchain.

3/4 Specifically, in the example tx, the hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer(). Then the hacker self-liquidates the borrow. pic.twitter.com/ryVX2RoxhJ— PeckShield Inc. (@peckshield) August 30, 2021DeFi attacks are becoming very profitable for threat actors, according to a recent post published by CipherTrace they totalled 361 million By July 2021 and accounted for 76% of all major hacks in 2021.

“By July 2021, DeFi-related hacks total $361 million, already making up three-quarters of the total hack volume this year—a 2.7x increase from 2020. DeFi-related fraud continues to rise, as well. At the time of this report, DeFi-related fraud accounted for 54% of major crypto fraud volume, whereas last year DeFi-related fraud only made up 3% of the year’s total.” states CipherTrace.

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, DeFi)

The post Threat actors stole $19 million worth of crypto assets from Cream Finance appeared first on Security Affairs.