THE DAILY ENCRYPT

[date-today format='F j, Y']

Crema Finance Forced to Suspend Services after Getting Hacked for $8.7 Million

Crema Finance reports that the application was hacked July 2, 2022 according to decentralized finance protocol (defi). According to a Twitter account named "Solanafm", the...
person using MacBook Pro
Photo by Fabian Irsara

Crema Finance reports that the application was hacked July 2, 2022 according to decentralized finance protocol (defi). According to a Twitter account named “Solanafm”, the defi protocol suffered a loss of $8.7 million as a result.

Crema Finance Vulnerability Leads to Defi App Losing Millions — 6 Flashloans Applied
Another protocol that is used to defi has been compromised by hackers. The Solana liquidity application revealed it was attacked on Saturday July 2, 2022.

Crema Finance wrote Saturday, “Attention.” “Our protocol appears to have been hacked. We have temporarily suspended the program, and we are currently investigating. We will share any updates here as soon as possible.”

Crema Finance is a concentrated liquidity maker (CLMM), algorithm that was built on top Solana. The Twitter account @solanafm described the vulnerability in the defi app. “On July 2nd, a vulnerability was discovered in the ticks account, which allowed for an exploit on Crema Finance, totaling $8,782,446,” Solanafm tweeted.

Solanafm said that the Crema team and Ottersec worked together to stop the theft of funds from being moved. Ottersec, a blockchain auditing company, has audited many blockchain smart contracts.

Solanafm claims that the hacker took the funds through “6 flash loans on the Solend Protocol.” To steal the funds, the attacker used the Wormhole Exchange.

Solanafm’s tweet concluded that “currently, all of the stolen money are held in the hacker’s Ethereum wallet as well [the] initial SOLWallet.”

Ottersec also published an thread about the Crema Finance exploit, and flash loans. Ottersec stated that in order to use flashloans the attacker needed to create their own onchain program. “Unfortunately, the exploit forced the attacker to close this program quickly.”

“The flashloan calls three key instructions on the Crema contract: ‘DepositFixTokenType,’ ‘Claim,’ and ‘WithdrawAllTokenTypes.’ The attacker is [then] able to deposit and then withdraw the same amount of tokens, while receiving additional tokens from the claim instruction,” Ottersec added.

 

Elena Argyros

Elena Argyros

Elena is cryptocurrency writer / journalist based in Europe. She has extensive knowledge in the crypto space and is a solidity programmer by trade. Elena has built an extensive resume working with some of the most ground breaking blockchain firms. Being in Europe, Elena has amassed a large network of professionals in the space and states "The technology behind blockchain is going to impact everyone on earth in a good way, once you get to understand it".
Elena Argyros

Elena Argyros

Elena is cryptocurrency writer / journalist based in Europe. She has extensive knowledge in the crypto space and is a solidity programmer by trade. Elena has built an extensive resume working with some of the most ground breaking blockchain firms. Being in Europe, Elena has amassed a large network of professionals in the space and states "The technology behind blockchain is going to impact everyone on earth in a good way, once you get to understand it".

© 2022 The Daily Encrypt. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Latest News
PRESS RELEASES