{"id":11524,"date":"2021-08-31T08:54:02","date_gmt":"2021-08-31T08:54:02","guid":{"rendered":"https:\/\/www.buyucoin.com\/crypto-labs\/defi-platform-cream-finance-hacked-29-million-lost\/"},"modified":"2021-08-31T08:54:02","modified_gmt":"2021-08-31T08:54:02","slug":"defi-platform-cream-finance-hacked-29-million-lost","status":"publish","type":"post","link":"https:\/\/www.buyucoin.com\/crypto-labs\/defi-platform-cream-finance-hacked-29-million-lost\/","title":{"rendered":"Defi Platform Cream Finance Hacked, $29 Million Lost"},"content":{"rendered":"<p><strong>Cream finance, a defi borrowing and lending protocol, has been the victim of a hack that erased more than $29 million from its vaults. The attacker took advantage of a loophole in the implementation for adding the amp token to the protocol. This is the second time the platform has been involved in a hack. The first breach happened in February, when Cream lost $37.5 million.<\/strong><\/p>\n<h2>Cream Protocol Suffers Hack<\/h2>\n<p>Cream <a href=\"https:\/\/app.cream.finance\/\">protocol<\/a>, a defi lending-borrowing platform present on four different chains (Ethereum, BSC, Polygon, and Fantom), suffered a <a href=\"https:\/\/twitter.com\/CreamdotFinance\/status\/1432249771750686721?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1432249771750686721%7Ctwgr%5E%7Ctwcon%5Es1_&amp;ref_url=https%3A%2F%2Fwww.diariobitcoin.com%2Fmercados%2Fmercados-defi%2Fplataforma-defi-cream-finance-sufre-segundo-hackeo-en-seis-meses-por-usd-25-millones%2F\">hack<\/a> Monday that resulted in the loss of $29 million in several cryptocurrencies. The attacker took advantage of a bug caused by the introduction of the amp token into the protocol. According to <a href=\"https:\/\/twitter.com\/peckshield\/status\/1432250118904889344\">Peckshield<\/a>, a blockchain security and data analytics company, the hack was <a href=\"https:\/\/twitter.com\/peckshield\/status\/1432249600002478081?s=20\">perpetrated<\/a> in just one transaction, taking advantage of a reentrancy bug present in the code of the amp currency.<\/p>\n<p>This allowed the hacker to re-borrow assets during the transfer before updating the first borrow. The exploit was repeated 17 times and allowed the hacker to get ahold of 418,311,571 amp (worth $25.1 million) and 1,308.09 ethereum (worth $4.15 million). The platform had been audited by Trails Of Bits, a cybersecurity research and consulting firm, prior to the inclusion of the amp token.<\/p>\n<p>Cream <a href=\"https:\/\/twitter.com\/CreamdotFinance\/status\/1432249771750686721?s=20\">declared<\/a> it stopped the exploit by pausing supply and borrow on amp. The protocol also informed users that no other markets were affected, and that it was expecting to offer a post mortem report at a later date.<\/p>\n<p><!-- growjs zone placement 31 -->    <!-- end of growjs zone placement --> <\/p>\n<h2>Not the First Time<\/h2>\n<p>This is not the first time Cream has suffered a hacking incident. Less than six months ago, the platform was also <a href=\"https:\/\/news.bitcoin.com\/cream-iron-bank-flash-loan-attack-markets-re-enabled-while-asset-borrow-is-paused\/\">affected<\/a> by a hack that allowed the attacker to withdraw $37.5 million. The hack, using an unreleased version of a contract of Alpha Finance, another defi protocol, exploited a rounding miscalculation in the code and a whitelisting function. After taking control of the funds, the attacker took them to Tornado.cash, a protocol that allows private transactions in Ethereum.<\/p>\n<p>Luckily, no user funds were affected during this first hack. However, it shows that the defi environment is very complex and that even a small change in protocol (like adding a currency or whitelisting another platform) can have a big impact on security in the future.<\/p>\n<p><em><strong>What do you think about defi-related hacks? Tell us in the comments section below.<\/strong><\/em><\/p>\n<p>Bitcoin News<br \/>\nNews, bug, cream finance, DeFi, Exploit, Hack, Peckshield, Trails Of Bits<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cream finance, a defi borrowing and lending protocol, has been the victim of a hack that erased more than $29 million from its vaults. The attacker took advantage of a loophole in the implementation for adding the amp token to the protocol. This is the second time the platform has been involved in a hack.&hellip;<\/p>\n","protected":false},"author":0,"featured_media":11525,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[53,3],"tags":[],"class_list":["post-11524","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blockchain-news","category-coin-news"],"_links":{"self":[{"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/posts\/11524"}],"collection":[{"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/comments?post=11524"}],"version-history":[{"count":0,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/posts\/11524\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/media\/11525"}],"wp:attachment":[{"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/media?parent=11524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/categories?post=11524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/tags?post=11524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}