Cream Finance Suffers Another Exploit as Attacker Runs Away With USD 100M+
Ethereum (ETH)-powered decentralized finance (DeFi) project Cream Finance (CREAM) suffered another flash loan attack as the attacker reportedly stole more than USD 100m worth of tokens.
Blockchain analytics and security firm PeckShield flagged the attacker’s address, while Cream finance confirmed that they “are investigating an exploit on C.R.E.A.M. v1 on Ethereum and will share updates as soon as they are available.”
CREAM tanked following the news and, at 15:11 UTC, it trades at USD 111.61, dropping by almost 30% in an hour and a day.
“The hack is made possible due to a price manipulation bug in CREAM price oracle,” PeckShield said, adding that the hacker is still swapping the stolen funds via ParaSwap and Uniswap platforms.
Just this past August, Cream Finance lost USD 25m in another flash loan attack.
___
Reactions:
How about not using $CREAM @CreamdotFinance at all.
— Skinnvesten (💙,🧡) (@Skinnvaesten) October 27, 2021
First exploit, it's okay, mistakes happen, and can easily come back from it. Second exploit, uh buddy, didn't you learn the first time?
Third exploit, severe incompetence, do not use Cream.
Well the devs should come out with an IRS and SEC threat before that
— thesnakecharmer☀ (@snakecharmerXBT) October 27, 2021
___
Learn more:
– Vee Finance Reports an USD 36M Exploit, VEE Takes a Dive
– SushiSwap’s MISO Suffers USD 3M Attack, Contract Thefts May Rise
– Tether Frozen in Poly Hack Returned to Owners, Fuelling Centralization Debate
– Two More Binance Smart Chain Projects Report Incidents, Prices Plummet
___
(Updated at 16:55 UTC with additional comments from PeckShield.)
