BanklessTimes
Home News Cream Finance Suffers Another Attack Losing $100 MIllion

Cream Finance Suffers Another Attack Losing $100 MIllion

Ruby Layram
Ruby Layram
Ruby Layram
Author:
Ruby Layram
Crypto Content Editor
Ruby is a seasoned Editor with 5 years of experience working in the cryptocurrency space. She currently works as a Crypto Content Editor for BanklessTimes with a focus on creating informative content that helps our readers navigate cryptocurrency with confidence. Ruby discovered crypto whilst working as a freelance writer at University. She has been passionate about shedding light on crypto and DeFi through valuable content ever since. Before joining the team at BanklessTimes, Ruby worked on a number of established finance sites including The Motley Fool, TradingPlatforms.com, StockApps, ICOBench, and MoneyMagpie.com.
January 31st, 2023

Cream Finance has suffered yet another flash loan attack. The Ethereum-powered decentralised finance project had $100 million stolen by an attacker, who has not yet been identified. 

Blockchain analytics and security firm PeckShield were the first to flag the attacker’s address. Cream finance have since confirmed that they are investigating an exploit on CREAM v1 on Ethereum and that they will share updates as soon as they are available. 

After releasing the news, the price of CREAM dropped. It now trades at $111.61, dropping almost 30% in an hour. 

This is not the first attack that the project has experienced. In August, the firm was the victim of another flash loan attack in which $25 million was stolen. 

The latest attack has not gone down well in the crypto space. Many traders are now expressing their concerns over trading CREAM, saying that two attacks in such a short time period is down to more than a simple mistake. 

One Twitter user, @skinnvaesten, wrote “How about not using CREAM at all. First exploit, it’s okay, mistakes happen. Second exploit, uh buddy, didn’t you learn the first time? Third exploit, severe incompetence, do not use Cream.” 

Another user wrote, “Looks like @creamdotfinance is dead boys”, implicating the downfall of the firm after the attack. 

A flash attack 

The devastating exploit that occurred on Wednesday drained over $1 billion in funds, making it one of the largest DeFi exploits to date. According to Cream’s frontend, most Ethereum pools are now completely empty. 

The funds appear to have been taken in a flash loan in a complex transaction that involved 68 different assets and cost the attacker 9 ETH in gas. The attacker’s contract now holds $92 million in crypto assets and the creator’s address holds a further $22 million.

The attacker is now using a number of privacy-preserving mixing services to ‘wash’ the funds. Further details are yet to be announced. 

Contributors

Ruby Layram
Crypto Content Editor
Ruby is a seasoned Editor with 5 years of experience working in the cryptocurrency space. She currently works as a Crypto Content Editor for BanklessTimes with a focus on creating informative content that helps our readers navigate cryptocurrency with confidence. Ruby discovered crypto whilst working as a freelance writer at University. She has been passionate about shedding light on crypto and DeFi through valuable content ever since. Before joining the team at BanklessTimes, Ruby worked on a number of established finance sites including The Motley Fool, TradingPlatforms.com, StockApps, ICOBench, and MoneyMagpie.com.