Solana-based liquidity protocol Crema Finance lost more than USD 8.78 million in cryptocurrency stolen from its platform in an attack over the weekend.
Crema Finance said it had suspended its smart contract following the attack. The protocol allows liquidity providers to set specific price ranges, add one-sided liquidity and trade range orders.
"We have worked closely with several experienced security agencies and related organizations to track the movement of hacker funds," said the developer, Crema Finance, as quoted by CoinDesk, Wednesday (6/7/2022).
The value locked in Crema plunged to $3 million on Monday from more than $12 million on Saturday after the exploit, data showed. Crema has seen trading volume of $1.34 billion since it started in January.
The attacker started by creating a fake tick account. A tick account is a “special account that stores price tick data in CLMM,” the developer said, referring to Crema's concentrated liquidity market maker protocol. After that, the attacker exploited the command by writing data to the fake account, circumventing security measures.
The attacker then used a flash loan to manipulate asset prices in the liquidity pool. This, along with the bogus data entry, allowed the attacker to claim "enormous amounts of fees from the pool."
Flash loans allow traders to borrow unsecured loans from lenders by relying on smart contracts instead of third parties.
The stolen funds were exchanged for 69,422.9 Solana (SOL) and 6,497,738 USD Coin (USDC). The Solana-based USDC was then bridged to the Ethereum network via Wormhole and exchanged for 6,064 Ether (ETH). These funds amount to more than USD 8.5 million at current prices.
The attacker's Ethereum address, 0x8021b2962dB803b73Aa874030B0B42c202E8458F, as flagged by the Etherscan blockchain scanning tool, has not transferred the stolen or converted funds to other coins.