Cream Finance, the decentralized lending protocol, has suffered a severe exploit, with a hacker stealing $19 million from its platform.
It has been reported by a blockchain security firm PeckShield that an unknown hacker has managed to gain $18.8 million in the latest flash loan exploit of the Cream Finance protocol through a reentrancy bug introduced by the Amp token.
However, Cream Finance said that the protocol has stopped the exploit by pausing supply and borrow contracts on the Amp token.
Cream Finance stated:
“No other markets were affected.”
The report said that PeckShield specified that the hacker exploited the Amp token by reborrowing assets during its transfer before updating the first to borrow in 17 separate transactions.
“The hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow. The funds are still parked in 0xCE1F….6EDE. We are actively monitoring this address for any movement.”
Likewise, the Amp token contract implements ERC-77-based registry smart contract known as ERC-1820. Introduced in 2019, the ERC-1820 standard defines a universal registry smart contract where any address “can register which interface it supports and which smart contract is responsible for its implementation.”
Thus, the latest flash loan exploit comes amid the increasing amount of hacks and exploits among both centralized and decentralized cryptocurrency platforms. On Saturday, Bilaxy crypto exchange suffered a major hot wallet hack leading to 295 ERC-20 tokens being compromised. Liquid lost nearly $100 million in a hack that took place on August 19.