The Cream.Finance crypto lending platform has had crypto money with a current value of around 30 million euros stolen through the exploitation of a security flaw. In total, the unknown attackers were able to make off with around 462 million AMP tokens (currently around 21.48 million euros) and 2,804.96 ether (currently 8.84 million euros) last Tuesday.

The exploited flaw allowed a so-called reentrancy attack, Cream.Finance explains in a blog post. With such an attack, a function can, for example, be called over and over again before the account balance has been updated within the function call. The best-known example of such attacks is the dramatic demise of the multi-million dollar DAO project. At Cream.Finance, the attackers were able to trick a lending function and receive more money than intended, the company said. In total, there were 17 fraudulent transactions; there was also probably a copycat attacker.

Cream.Finance specializes in lending activities with crypto money and is counted among the so-called DeFi platforms. Users can use it to lend out crypto money for interest or to take out loans. DeFi stands for Decentralized Finance, that is, the attempt to create new automated financial services based on smart contracts on decentralized blockchains such as Ethereum.

The problem apparently lay in the implementation, within Cream.Finance's own protocol, of the AMP token, which was created according to the ERC-777 standard, Cream.Finance explained. This was found out with the help of the security firm PeckShield. Until there is a fix for the flaw, lending functions around AMP tokens are blocked for the time being. Everyone affected is to be reimbursed for the loss of ether and AMP, Cream.Finance said. This is to be funded by reserving 20 percent of the fees collected by the service for reimbursement.
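The reentrancy pattern described above (a token that calls back into the recipient during a transfer, as ERC-777 permits, combined with a debt balance that is written only after the transfer) can be shown in a toy model. This is an added Python example, not code from Cream.Finance or PeckShield; all class and function names are assumptions made for the illustration, and it puts the vulnerable ordering beside the hardened one.

```python
# Constructed toy model; every name here is an illustrative assumption.
class HookToken:
    """Token that calls the recipient's hook during transfer (ERC-777 style)."""
    def __init__(self):
        self.balances = {}

    def transfer(self, sender, recipient, amount):
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        recipient.tokens_received(amount)  # external call into recipient code

class LendingPool:
    def __init__(self, token, liquidity):
        self.token, self.debt, self.limit = token, {}, {}
        token.balances[self] = liquidity

    def borrow_vulnerable(self, who, amount):
        owed = self.debt.get(who, 0)
        if owed + amount > self.limit[who]:
            raise ValueError("over borrowing limit")
        self.token.transfer(self, who, amount)  # hook runs while debt is stale
        self.debt[who] = owed + amount          # written late, from a stale snapshot

    def borrow_hardened(self, who, amount):
        owed = self.debt.get(who, 0)
        if owed + amount > self.limit[who]:
            raise ValueError("over borrowing limit")
        self.debt[who] = owed + amount          # effect recorded first
        self.token.transfer(self, who, amount)  # external call last

class ReenteringRecipient:
    """Test double: calls back into the pool from its receive hook."""
    def __init__(self, retries):
        self.retries, self.rejected, self.borrow = retries, 0, None

    def tokens_received(self, amount):
        if self.retries > 0:
            self.retries -= 1
            try:
                self.borrow(self, amount)
            except ValueError:
                self.rejected += 1

def simulate(mode, limit=100, retries=2):
    """Return (tokens received, debt recorded, reentrant calls rejected)."""
    token = HookToken()
    pool, user = LendingPool(token, 1000), ReenteringRecipient(retries)
    pool.limit[user] = limit
    user.borrow = getattr(pool, "borrow_" + mode)
    user.borrow(user, limit)
    return token.balances[user], pool.debt[user], user.rejected
```

In the vulnerable ordering the recipient ends up holding three times its limit while the pool records a debt of only one loan; with the debt written before the transfer, the nested call fails the limit check.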

This is the second serious security incident at Cream.Finance in the past six months. In February, attackers succeeded in relieving Cream's Ironbank platform of around $38 million in cryptocurrency. However, that attack took place through a crypto service from Alpha Finance, with which Cream worked.

In general, the DeFi ecosystem appears to be a popular target. As recently as August, a hacker managed to steal coins from the Polynetwork platform valued at over US$600 million at the time. However, the hacker proved amenable and gradually returned the amount withdrawn. Polynetwork had offered him a job as a security advisor; whether the hacker accepted remained open.

Cream.Finance is also hoping for a friendly white hat hacker: if the primary attacker is willing to return the money, it will pay out 10% of the amount as a regular bug bounty, with no threat of consequences. At the same time, however, the crypto platform also offered a reward for information that leads to the arrest of the perpetrator. In that case it wants to share 50 percent of the amount received with tipsters.


