
Defi Platform Cream Finance Hacked, $29 Million Lost


Cream Finance, a defi borrowing and lending protocol, has been the victim of a hack that erased more than $29 million from its vaults. The attacker took advantage of a loophole in the implementation for adding the amp token to the protocol. This is the second time the platform has been involved in a hack. The first breach happened in February, when Cream lost $37.5 million.

Cream Protocol Suffers Hack

Cream protocol, a defi lending-borrowing platform present on four different chains (Ethereum, BSC, Polygon, and Fantom), suffered a hack Monday that resulted in the loss of $29 million in several cryptocurrencies. The attacker took advantage of a bug caused by the introduction of the amp token into the protocol. According to PeckShield, a blockchain security and data analytics company, the hack was perpetrated in just one transaction, taking advantage of a reentrancy bug present in the code of the amp currency.

This allowed the hacker to re-borrow assets during the transfer, before the first borrow had been recorded. The exploit was repeated 17 times and allowed the hacker to get ahold of 418,311,571 amp (worth $25.1 million) and 1,308.09 ethereum (worth $4.15 million). The platform had been audited by Trail of Bits, a cybersecurity research and consulting firm, prior to the inclusion of the amp token.
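The ordering problem described above can be shown with a small Python model. This is an added example, not code from Cream, Amp or the original article: `HookToken`, `Pool`, `ReenteringCaller` and `simulate` are hypothetical names, the token is assumed to hand control to the recipient during a transfer, and all amounts are constructed. It compares a pool that records the debt after the transfer with one that records it before.

```python
class HookToken:
    """Token that notifies the recipient during transfer (assumed behaviour)."""
    def __init__(self):
        self.balance = {}

    def transfer(self, src, dst, amount):
        if self.balance.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balance[src] -= amount
        self.balance[dst] = self.balance.get(dst, 0) + amount
        if hasattr(dst, "on_receive"):
            dst.on_receive(amount)  # recipient code runs before transfer returns

class Pool:
    def __init__(self, token, liquidity, update_first):
        self.token, self.update_first = token, update_first
        self.limit, self.debt = {}, {}
        token.balance[self] = liquidity

    def borrow(self, who, amount):
        if self.debt.get(who, 0) + amount > self.limit.get(who, 0):
            raise PermissionError("borrow exceeds collateral limit")
        if self.update_first:   # hardened: record the debt, then interact
            self.debt[who] = self.debt.get(who, 0) + amount
            self.token.transfer(self, who, amount)
        else:                   # flawed: interact, then record the debt
            self.token.transfer(self, who, amount)
            self.debt[who] = self.debt.get(who, 0) + amount

class ReenteringCaller:
    """Test harness: calls borrow() again from inside the receive hook."""
    def __init__(self, pool, retries):
        self.pool, self.retries = pool, retries

    def on_receive(self, amount):
        if self.retries > 0:
            self.retries -= 1
            try:
                self.pool.borrow(self, amount)
            except PermissionError:
                self.retries = 0  # the limit check held, so stop retrying

def simulate(update_first, retries=3, limit=100):
    token = HookToken()
    pool = Pool(token, liquidity=1_000, update_first=update_first)
    caller = ReenteringCaller(pool, retries)
    pool.limit[caller] = limit          # constructed collateral limit
    pool.borrow(caller, limit)
    return token.balance[caller], limit  # (tokens received, allowed limit)
```

With the debt recorded last, every nested call passes the limit check against a stale debt of zero; with the debt recorded first, the second call is rejected. A reentrancy guard on `borrow` gives the same protection when state updates cannot be moved ahead of the external call.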

Cream declared it stopped the exploit by pausing supply and borrow on amp. The protocol also informed users that no other markets were affected, and that it was expecting to offer a post mortem report at a later date.

Not the First Time

This is not the first time Cream has suffered a hacking incident. Less than six months ago, the platform was also affected by a hack that allowed the attacker to withdraw $37.5 million. The hack, using an unreleased version of a contract of Alpha Finance, another defi protocol, exploited a rounding miscalculation in the code and a whitelisting function. After taking control of the funds, the attacker took them to Tornado.cash, a protocol that allows private transactions in Ethereum.

Luckily, no user funds were affected during this first hack. However, it shows that the defi environment is very complex and that even a small change in protocol (like adding a currency or whitelisting another platform) can have a big impact on security in the future.




source https://news.bitcoin.com/defi-platform-cream-finance-hacked-29-million-lost/
