Crema Finance DeFi Platform Hacked, Touch Loss $8.7 Million USD

Please wait 0 seconds...
Scroll Down and click on Go to Link for destination
Congrats! Link is Generated

Crypto Hacker Illustration | Pic by Coingape
Crypto Hacker Illustration | Pic by Coingape

Solana-based liquidity protocol Crema Finance lost more than USD 8.78 million in cryptocurrency stolen from its platform in an attack over the weekend.

Crema Finance said it had suspended its smart contract following the attack. The protocol allows liquidity providers to set specific price ranges, add one-sided liquidity and trade range orders.

"We have worked closely with several experienced security agencies and related organizations to track the movement of hacker funds," said developer Crema Finance, quoted from CoinDesk, Wednesday (6/7/2022).

The value locked in Crema plunged to $3 million on Monday from more than $12 million on Saturday after the exploit, data showed. Crema has seen trading volume of $1.34 billion since it started in January.

The attacker starts by creating a fake tick account. A tick account is a “special account that stores price tick data in CLMM,” says the developer, referring to Crema's market-building protocol. After that, the attacker exploits the command by writing data on fake accounts and circumventing security measures.

The attacker then uses the flash loan to manipulate asset prices on the liquidity pool. This, along with bogus data entry, allowed attackers to claim "enormous amounts of fees from the pool."

Express loans allow merchants to borrow unsecured loans from lenders by relying on smart contracts instead of third parties.

The stolen funds were exchanged for 69422.9 solana (SOL) and 6,497,738 USD Coin (USDC). Solana-based USDC was then bridged to the Ethereum network via Wormhole and exchanged for 6,064 Ether (ETH). This fund amounts to more than USD 8.5 million at current prices.

The attacker's Ethereum address, 0x8021b2962dB803b73Aa874030B0B42c202E8458F as flagged by the Etherscan blockchain scanning tool, has not transferred the stolen or converted funds to other coins.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.