Cream Finance, a decentralized finance (DeFi) platform and lending system that lets individuals and firms access financial services and is live on Ethereum, Binance Smart Chain, and Fantom, has reportedly lost over $29 million in cryptocurrency funds to cyber theft.
Shortly after the blockchain cybersecurity firm PeckShield noticed signs of an ongoing attack, Cream Finance announced that it had indeed been hacked.
According to Cream Finance itself, the thieves used a “reentrancy attack” against its “flash loan” feature to steal a total of 418,311,571 AMP tokens, estimated at around $25.1 million at the time of the hack, and 1,308.09 ETH coins, estimated at around $4.15 million.
A “flash loan” is a contract or script that operates on the Ethereum blockchain. It enables Cream Finance users to quickly borrow from the firm’s assets and return the borrowed funds at a specific later date.
A reentrancy attack, meanwhile, exploits a bug or vulnerability in such flash loan contracts. It allows threat actors to withdraw assets repeatedly, in a loop, before the initial transaction is approved or denied or the funds have to be returned.
The founders of ZenGo, a cryptocurrency wallet app, PeckShield, and Tal Be’ery have verified that the Cream Finance attacker exploited a bug in the ERC777 token contract interface, which the firm uses to interact with the Ethereum blockchain. Be’ery added that ERC777 has enabled many reentrancy attacks against DeFi online services, which have kept depending on the feature despite its poor implementation record and its history of bugs and hacks.
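The reentrancy pattern described above, as an added example that is not code from Cream Finance, PeckShield or the original article: a simplified Python model of a lending pool paying out through a token whose transfer invokes a hook on the recipient, as ERC777 tokens do. The `Pool` and `ReenteringBorrower` classes and all amounts are constructed for illustration; the hardened path records the debt before transferring and rejects nested calls.

```python
# Constructed model: the token transfer calls a hook on the recipient (ERC777-style).
class Pool:
    def __init__(self, reserves, limit, hardened):
        self.reserves = reserves      # tokens held by the pool
        self.limit = limit            # maximum debt allowed per borrower
        self.debt = {}                # borrower -> amount owed
        self.hardened = hardened
        self.locked = False           # reentrancy guard, set only when hardened

    def _send(self, borrower, amount):
        # The recipient's hook runs in the middle of the transfer.
        self.reserves -= amount
        borrower.balance += amount
        borrower.tokens_received(self, amount)

    def borrow(self, borrower, amount):
        if self.locked:
            raise RuntimeError("reentrant call rejected")
        owed = self.debt.get(borrower, 0)
        if owed + amount > self.limit or amount > self.reserves:
            raise RuntimeError("borrow limit or reserves exceeded")
        if not self.hardened:
            self._send(borrower, amount)          # interaction first
            self.debt[borrower] = owed + amount   # effect too late, stale `owed`
            return
        self.locked = True
        try:
            self.debt[borrower] = owed + amount   # effect first
            self._send(borrower, amount)          # interaction last
        finally:
            self.locked = False

class ReenteringBorrower:
    """Recipient whose receive hook calls borrow() again."""
    def __init__(self):
        self.balance = 0

    def tokens_received(self, pool, amount):
        try:
            pool.borrow(self, amount)
        except RuntimeError:
            pass                                  # nested call refused

def run(hardened):
    pool = Pool(reserves=1000, limit=100, hardened=hardened)
    user = ReenteringBorrower()
    pool.borrow(user, 100)
    return user.balance, pool.debt[user], pool.reserves

if __name__ == "__main__":
    print("vulnerable:", run(False), "hardened:", run(True))
```

In the vulnerable ordering the pool is drained while the recorded debt stays at the limit; with the debt recorded first and the guard set, the nested call is refused.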
The founders also added that all DeFi companies must create or deploy a firewall-like system that can filter suspicious requests to their contracts, which are the pillar of their services but also the main target of cyber-attacks. In 2021, over 76% of major hacks have been attributed to DeFi attacks, and at least $474 million has already been lost to attacks against DeFi platforms.
DeFi platforms have fallen victim to attackers mainly because of how unregulated and unsecured the cryptocurrency ecosystem is.