Cream Finance, the decentralized finance (DeFi) protocol, will pay back its users after the $18.8 million flash loan hack that occurred on August 30.
It has been reported that Cream has published a post-mortem to the AMP flash loan exploit, promising to replace the stolen Ether (ETH) and Amp (AMP) tokens by allocating 20% of all protocol fees until the debt is paid entirely. Cream will also post collateral with relevant parties at AMP and its creators, Flexa digital payments network, to secure the debt.
However, according to the post-mortem report, the latest flash loan exploit was the first time Cream Finance has suffered a direct exploit, losing 462 million AMP tokens and 2,800 ETH. With assistance from blockchain security firm PeckShield, Cream found that the exploit was caused by an error in the way the protocol integrated AMP.
“While unfortunate and disappointing, we take ownership of the error.”
The report said that alongside the main exploit, Cream has also discovered a smaller copy-cat attack from an address with transaction history on the Binance crypto exchange. The crypto trading platform is now cooperating with Cream to identify the second perpetrator. Cream said that it will be working with authorities to trace the attacker and work with law enforcement authorities to prosecute “to the fullest extent of the law.”
Likewise, the hacked protocol will also grant a 10% bug bounty to the exploiter if they decide to send back the stolen funds.
“If anyone is able to identify and provide information leading to the arrest and prosecution of the exploiter, we will share 50% of all funds returned.”
Cream halted supply and borrow contracts on AMP on August 30 to stop the exploit that allowed the attacker to gain access to nearly $19 million in AMP and ETH through reborrowing assets in just 17 separate transactions. Prices of both Cream’s native token, CREAM, and AMP subsequently dropped, with AMP plummeting nearly 13%.
Thus, the affected tokens continued declining in price after the attack.