Defi Cream Finance Platform Hacked By Hackers, 29 Million Dollars Lost!

DeFi Cream platform hacked by hackers (OiCanadian)

JAKARTA – Cream Finance has reportedly been hacked and has lost 29 million US dollars (equivalent to Rp. 414 billion). The hacker managed to get in through the loophole when the platform was about to add the Amp token to the protocol. This incident is the second after last February Cream Finance was hacked and caused the loss of money worth 37.5 million US dollars (Rp 535 billion).

The Cream Protocol which is a lending platform is available in four different chains namely Ethereum, Binance Smart Chain, Polygon, and Fantom. The hack occurred on Monday, August 30 last. Hackers managed to get in via a bug when the Amp token was inserted into the protocol as reported by Bitcoin.com.

Blockchain security and data analytics company Peckshield said the hacking was carried out in one transaction by exploiting a reentrancy bug contained in the Amp crypto code.

The move allowed hackers to borrow assets during transfers before renewing the first loan. This activity was carried out 17 times so that hackers were able to steal 418,311,571 Amps worth 25.1 million US dollars (Rp. 358 billion) plus 1,308.09 Ethereum for 4.15 million US dollars (equivalent to Rp. 59 billion).

However, the Cream platform was audited by research and cybersecurity consulting firm Trails of Bits prior to incorporating the Amp token. Cream explained that they stopped the exploitation by stopping the supply and lending of Amp.

In addition, Cream also claimed to have informed its users and no other markets were affected. Users are also expected to offer post mortem reports in the near future. The hack is the second after the incident in February.

At that time, the Cream platform experienced a hacking incident that resulted in the loss of 37.5 million US dollars or around Rp. 535 billion. The hack took advantage of the contract version of Alpha Finance, another DeFi platform that has yet to be launched. Hackers exploit rounding miscalculations in code and whitelist functions. After successfully stealing the money, hackers send it to Tornado.cash, a protocol that allows private transactions on the Ethereum network.

Luckily, Cream platform users' funds were not affected. Even so, this proves that the world of DeFi is very complex, even a small change in the protocol such as adding a cryptocurrency to the platform could have an impact on the security system in the near future.