Decentralized lending platform Cream Finance seems to have suffered a extreme exploit on Wednesday, with an attacker stealing over $100 million price of funds by a big flash mortgage assault. 

Blockchain knowledge analytics firm PeckShield first identified the flash mortgage on Wednesday. The compromised funds have been primarily Cream liquidity supplier tokens, in addition to different Ethereum-based tokens.


Throughout a flash mortgage assault, an attacker exploits weak sensible contracts to be able to create their very own arbitrage alternative. Sometimes, that is performed by modifying the relative worth of a buying and selling pair by flooding the contract utilizing their loaned tokens.

Cream Finance has been routinely focused by attackers, as evidenced by the $19-million flash mortgage hack of the protocol in August. As Cointelegraph reported on the time, the assault was facilitated by a reentrancy bug introduced by the Amp cryptocurrency, an Ethereum-based token designed to collateralize digital funds on Flexa. On the time of writing, Cream’s complete worth locked (TVL) was worth over $1.5 billion, in response to trade sources. 

Cream Finance TVL. Supply: Defillama

Cream Finance’s boards seem to have been pulled within the wake of the assault, although the protocol did notify its Twitter followers that the flash mortgage is being investigated. The Twitter thread is full of indignant responses about Cream’s poor observe file in the case of safeguarding person funds. 

Associated: Hackers exploit MFA flaw to steal from 6,000 Coinbase customers — Report

Whereas decentralized finance, or DeFi, has been lauded for revolutionizing conventional finance and selling monetary inclusion, the trade’s observe file concerning client safety has been shoddy. A complete checklist of DeFi assaults reveals 63 exploits as of Sept. 16, with the misplaced funds totaling roughly $1.2 billion, in response to CryptoSec. The most recent exploit of Cream Finance can be one of many largest.

The worth of Cream Finance’s CREAM token crashed amid the information, falling greater than 26% to $115.47, in response to Cointelegraph Markets Pro.