Cyber Attacks

 Threat actors stole crypto assets from Cream Finance

0

Hackers have stolen more than $29 million worth of cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform.

C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. It promises earnings to users who are passively holding ETH or wBTC.

The company has confirmed about the security breach via Twitter.

The attack as first spotted by the blockchain security firm PeckShield who had published a series of Tweets containing evidence of the security breach.

According to Cream Finance, attackers conducted “reentrancy attack” in its “flash loan” feature to steal 418,311,571 in AMP tokens and 1,308.09 in ETH coins.

The finance platform stated that the AMP token contract implements ERC77-based ERC1820, which has the _callPreTransferHooks for reentrancy.

Reentrancy attacks consist of withdrawing funds repeatedly before the original transaction is approved or declined.

According to PeckShield the attackers exploited a bug in the ERC777 token contract interface implemented by Cream Finance to interact with the Etherium blockchain.

Cream is now working with law enforcement to try and trace the attacker. The organization has paused AMP supply and borrow functions until a patch can be deployed. The stolen ETH and AMP will be replaced, with 20% of protocol fees now earmarked to repay customers.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Attackers can remotely disable Fortress Wi-Fi home security alarms

    Previous article

    Fired NY credit union employee deletes 21GB of data in revenge

    Next article

    You may also like

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *