Crypto Hackers Steal Over $130M from Cream Finance DeFi Platform

The decentralized lending platform Cream Finance has been hacked, with attackers stealing more than $130 million worth of funds through a large flash loan attack.

Blockchain data analytics firm PeckShield first identified the large flash loan transaction that the hackers used to exploit the Cream Finance platform.

The affected funds were mostly Cream liquidity provider tokens (Cream LP tokens) as well as other Ethereum-based tokens (ERC-20 tokens).

According to blockchain records, the hackers moved $92 million worth of funds into one address and $23 million into another, and transferred the remaining funds into other addresses. It now appears that the attackers have moved the funds to different wallets.

Following the incident, the price of the Cream token plunged from $152 to $111 in minutes, a 27% drop, according to CoinGecko.

The attacker left a strange message in the exploit transaction. They wrote, “gÃTµ Baave lucky, iron bank lucky, cream not. ydev : incest bad, don’t do.” This appears to refer to DeFi lending platforms Aave, Iron Bank, and Cream Finance.

This is the third time Cream Finance has faced a severe hack. In February, Cream Finance lost $37.5 million after hackers took advantage of a vulnerability in instant or flash credits technology.

In August, the decentralized finance protocol also lost $18.8 million after unknown hackers drained funds through flash loan exploits that used a reentrancy bug involving the Amp token. After identifying that incident, Cream Finance stated that the protocol stopped the exploit by pausing supply and borrowing contracts on the Amp token.

During that incident, PeckShield stated that the hacker exploited the Amp token by re-borrowing assets during its transfer, before the first borrow was updated, in 17 separate transactions.
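A simplified model of the ordering flaw described above, as an added example that is not code from Cream Finance, Amp or PeckShield: a toy pool pays out through a transfer hook either before or after it records the debt. The class names, the `on_receive` hook and the limit of 100 are constructed for illustration.

```python
class Pool:
    """Toy lending pool; `record_first` selects the ordering inside borrow()."""
    LIMIT = 100  # constructed per-borrower debt ceiling

    def __init__(self, cash, record_first):
        self.cash = cash
        self.debt = {}                      # borrower name -> recorded debt
        self.record_first = record_first

    def borrow(self, who, amount):
        owed = self.debt.get(who.name, 0)
        if owed + amount > self.LIMIT or amount > self.cash:
            raise ValueError("borrow refused")
        if self.record_first:
            self.debt[who.name] = owed + amount   # effect first
            self._send(who, amount)               # interaction last
        else:
            self._send(who, amount)               # hook runs on stale debt
            self.debt[who.name] = owed + amount   # overwrites nested updates

    def _send(self, who, amount):
        self.cash -= amount
        who.balance += amount
        who.on_receive(self, amount)  # assumed token-style transfer callback


class Receiver:
    """Borrower whose transfer hook calls back into the pool."""
    def __init__(self, name, reentries):
        self.name, self.balance, self.reentries = name, 0, reentries

    def on_receive(self, pool, amount):
        if self.reentries > 0:
            self.reentries -= 1
            try:
                pool.borrow(self, amount)
            except ValueError:
                pass  # refused: the pool had already recorded the first borrow


def run(record_first):
    """Return (tokens received, debt recorded) after one borrow of 100."""
    pool = Pool(cash=1000, record_first=record_first)
    r = Receiver("r", reentries=2)
    pool.borrow(r, 100)
    return r.balance, pool.debt["r"]


if __name__ == "__main__":
    print("transfer before record:", run(False))
    print("record before transfer:", run(True))
```

With the transfer first, the pool hands out three times what it records as owed; recording the debt before the transfer makes every nested call fail the limit check.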

Calls for More Investor Protections

Flash loans allow users to borrow funds without collateral because the lender expects the money to be returned immediately, within one transaction block. However, hackers have used this loophole in DeFi to steal millions of dollars.

As reported by Blockchain.News in August, the Poly Network DeFi protocol was attacked and hackers stole $600 million worth of funds from it. This is considered the largest hack in DeFi and cryptocurrency history.

Decentralized Finance (DeFi), which is one of the use cases of blockchain technology, has been on the cusp of major growth. Regulators are aware of this growth and, of late, have been moving to act accordingly.

Frequent hacks like the abovementioned incidents have prompted regulators to call for better consumer protection in the DeFi sector.

In August, US SEC chairman Gary Gensler made it clear that regulation of DeFi platforms and stablecoins is on the SEC’s agenda. During that time, Gensler compared the use of DeFi to the Wild West, emphasizing it needs better investor protection.


Bitcoin.org Hacker Bags $17,000 Via Giveaway Scam

Key Takeaways

  • Hackers have exploited Bitcoin.org in order to run a crypto giveaway scam.
  • A pop-up told users to send Bitcoin to a QR code address, with the promise of receiving double the amount in return.
  • Doubling scams are a common occurrence in the crypto space, with high-profile websites and personalities often exploited to conduct them.





Bitcoin.org, the official website of the Bitcoin cryptocurrency, was compromised by hackers running a giveaway scam.

Bitcoin.org Exploited For Giveaway Scam

In an unfortunate security failure, Bitcoin.org was compromised for a giveaway scam, users reported Thursday morning. Visitors to the website were greeted with a pop-up asking them to send crypto to a Bitcoin wallet via a QR code and receive double the amount in return.

Source: @ChrisDunnTV

The fake message told visitors that the Bitcoin Foundation was giving back to the community, and that the giveaway would be limited to the first 10,000 users in order to draw people into the scam. Users couldn’t click past the fake pop-up message, making the rest of the website inaccessible for the duration of the scam.


The Bitcoin address used in the scam received 0.40 BTC worth $17,000. The hacker moved almost all of the funds out of the main wallet and into two other holding wallets.

Started in August 2008 by Bitcoin’s pseudonymous creator Satoshi Nakamoto, Bitcoin.org serves as a knowledge hub for the top cryptocurrency. It hosts various resources such as the original whitepaper and developer documentation on Bitcoin.

According to Bitcoin.org’s pseudonymous operator CobraBitcoin, the attackers may have exploited some flaw in the website’s domain name system (DNS) and gained unauthorized access. Hackers usually crawl websites to identify underlying vulnerabilities that can be used to orchestrate attacks.



After being taken down for a few hours to investigate the root cause of the security breach, the website has now been restored to its pre-hack status.

The Bitcoin.org exploit is not the first “double your money” scam to affect the crypto space. Cryptocurrency giveaway scams often leverage popular web platforms and fake or hacked celebrity social media accounts to trick users into thinking the scam is credible.

Last year, the Twitter accounts of Binance CEO Changpeng Zhao, Bill Gates, Elon Musk, and other prominent figures in the crypto community were hacked in order to carry out a doubling scam, asking users to send Bitcoin to an undisclosed wallet, with the promise of receiving double the amount back. According to the US-based Federal Trade Commission, impersonators of Tesla CEO Elon Musk have stolen at least $2 million from investors using similar scams.
