Defi Hack: CREAM Finance Promises to Payback Stolen Ether & AMP to Users
The Defi protocol platform, CREAM Finance has updated the users of its plan after the hack, in a recent post-mortem piece. It has guaranteed to repay the stolen ETH and AMP so that there are no liquidity issues for the users.
However, to accomplish a complete payback, CREAM Finance will be allocating 20% of its protocol fees toward repayment until stolen balances of all traders have been restored. Furthermore, the Defi protocol platform has announced to post CREAM collateral with the Flexa and AMP team to secure this debt, and victims of the hack can conveniently submit a request for the same through a Google form.
“Our community and users are our priority. We are working with authorities to trace the attacker and have created a plan to restore funds lost.”, promised CREAM Finance.
CREAM Finance reveals the cause of the exploit
CREAM Finance revealed that this was the first time ever that someone was able to directly exploit its Defi protocol. The organization shared that the hack was in phases, with the main exploit along with a smaller copy-cat.
CREAM Finance clarified that the hack was not caused because of a bug or issue with AMP’s code. However, with PeckShield’s help, the organization found out that the exploit was caused because of an error in the way C.R.E.A.M. Finance integrated AMP into its protocol.
“At approximately 12 pm on 31st August (UTC +8), C.R.E.A.M. Finance was exploited for 462,079,976 in AMP tokens and 2,804.96 ETH tokens.”, CREAM Finance clarified the exploit amount.
CREAM announces Bug Bounty
CREAM Finance in a desperate attempt to recover the stolen funds has announced a bug bounty for anyone who can identify and provide information leading to the hacker. The informant will acquire the massive 50%, out of all funds returned.
Interestingly, CREAM Finance has also offered a bug bounty to the hacker if she/he agrees to return the stolen balances. The hacker will be allowed to keep 10 percent of all funds returned.
“If the main exploiter is willing to send back the stolen funds, we will honor our normal 10% bug bounty and allow the exploiter to keep 10% of the funds as a bug bounty.”, said CREAM.