Cream Finance Hacked For 27 Million USD


The DeFi protocol Cream Finance (CREAM) has suffered a hack, losing a total of over 27 million USD in the process. 

Only AMP contracts were affected

Cream Finance is a multi-chain lending platform operating on Ethereum, Binance Smart Chain, Polygon, and Fantom. According to their initial announcement on August 30, the hacker managed to steal 418 million AMP and 1,308 ETH from the affected smart contract, with a combined value of over 27 million USD. 

No other contracts were affected and the AMP smart contract has been suspended. On their Twitter account, AMP stated that their own token contract is working as intended and that they will be working together with Cream to investigate the issue. Cream Finance has announced to release a post-mortem report as soon as possible. 

PeckShield is leading the Investigations

The blockchain security firm PeckShield has picked up the investigations. The firm has published the attacker’s Ethereum address, which at the time of writing shows a total balance of over 19 million USD. 

According to their first reports, this hack was another example of a flash loan exploit. PeckShield explains in detail the steps the hacker has repeatedly taken 17 times to drain the funds:

The hacker makes a flash loan of 500 ETH and deposits the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH […]. Then the hacker self-liquidates the borrow.

Stay up to date on crypto news!

Sign up for our newsletter for all the hottest crypto stories, ICO reviews, and insights from leading experts of the crypto world - four times a week.

You have been signed up!