Two Times in Six Months: Cream Finance Exploited for $25 Million in ETH and AMP

Two Times in Six Months: Cream Finance Exploited for $25 Million in ETH and AMP

Six months after getting hacked, Cream Finance – a permissionless, open-source, blockchain agnostic protocol – suffered another breach. The team reported losses of up to $25 million in ETH and AMP.

  • PeckShield Inc., a blockchain security company, highlighted the hack a few hours ago, providing the transaction in what appeared to be a flash loan attack against Cream Finance.
  • Shortly after, the team behind the DeFi protocol confirmed the news on Twitter. They said the C.R.E.A.M. v1 market on Ethereum was exploited through reentrancy on the AMP token contract.
  • The total losses, according to Cream Finance, are as follows – 418,311,571 AMP coins and 1,308.09 ETH tokens.
  • AMP’s price has crashed 15% in hours to $0.05 as of writing these lines, while ETH stands just under $3,200. The stolen amount is just over $25 million in USD terms.
  • Cream Finance further updated that they have stopped the attack by pausing the supply and borrow services on AMP. They also reassured users that the other markets remained unaffected.
  • The AMP token contract implements ERC77-based ERC1820, which has the _callPreTransferHooks for reentrancy. Thank you @peckshield for assisting with this investigation.— Cream Finance 🍦 (@CreamdotFinance) August 30, 2021

  • It’s worth noting that this is the second time this year that Cream Finance has become a victim of a hack. As reported in February, the previous attack resulted in a bit less than $24 million in ETH stolen.
  • Cream’s native token plummeted by 30% last time in hours six months ago, but this time it has dropped by 6% as of now.
  • Source