Hackers of the infamous Cream Finance heist reportedly exchanged roughly 1000 ETH which is worth $1.75 million for 80 RenBTC, blockchain security expert PechShield noted. RenBTC is an ERC-20 token that allows a decentralized representation of Bitcoin within Ethereum.
Twitter users reacted angrily with many questioning the platform’s competencies and its inability to prevent such attacks.
How many times Cream Finance be exploited until we admit people working on the project are imcompetent at least shouldn’t be working on financial products?
Flash loans have been known to be the most widely used by hackers to conduct exploits on decentralized finance [DeFi] systems. Such loans allow investors to borrow unsecured funds from lenders using smart contracts instead of third parties.
This year, another most outrageous flash loan attack was the Beanstalk heist. The stablecoin protocol was drained of $182 million. Next, in June, two more crypto platforms suffered similarly – Inverse Finance and Nirvana. But for Cream Finance, this wasn’t its first attack.
The Ethereum-based lending protocol was a target of multiple exploits but the most damaging of them was the $130 million attack in late 2021.
The incident caused a massive trust deficit for Cream Finance in the crypto circles which eventually made an impact on the token’s price leading to its near annihilation [ CREAM tokens plummeted by over 90%].
Cream Finance’s Third Hack
Prior to that, in Feb 2021, the DeFi protocol was attacked in a similar manner where bad actors stole $35 million. Cream Finance’s native token tanked by 30% in just one hour.
Then in August, the platform suffered the second hack that resulted in the attacker looting more than 418 million in AMP, the Flexa Network’s native token, and approximately 1,300 Ethereum.
Just recently, an Avalanche-based lending protocol Nereus Finance fell victim to a well-planned hack that saw hackers secure $371,000 worth of USD Coin [USDC] using a smart contract exploit.
After the incident, Nereus Finance released a detailed post-mortem of the incident explaining that the hacker was able to deploy a custom smart contract that utilized a $51 million flash loan from Aave to artificially inflate the Avalanche pool price for a single block.
The bad debt was reportedly paid off from the team’s treasury, as told by the Nereus in the report.