Decentralized financial platform Crema Finance announced that it was hacked on Saturday and that around $8.8 million was stolen during the attack.
In a series of tweets over the 4th of July weekend, the company explained that the hacker used several new tactics allowing them to take out six flash loans, a common tactic of DeFi attackers.
The company said it is now working with law enforcement agencies and blockchain security companies to recover the stolen funds. In total, the hackers stole 69,500 SOL, which is worth about $2.3 million, and about $6.5 million worth of stablecoins.
It sent a message to the hackers, offering them $800,000 in exchange for the return of the stolen funds.
“Your addresses on both Solana and Ethereum are blacklisted and all eyes are on you right now. You have 72 hours from now to consider becoming a white hat and keep the $800,000 reward,” the company said in a message to the hacker.
“And transfer the remaining funds back to our contract update authorization address. Otherwise, the police and law enforcement will officially get involved and you will be in for an endless search.”
Several blockchain security companies have shown that the hacker carried out the exploit by uploading malware onto the chain that could then be used to carry out multiple flash loan attacks.
In a flash loan attack, a hacker uses a quick loan without collateral to target vulnerabilities in a project’s design.
Flash loan attacks have become one of the most popular ways for hackers to target DeFi platforms. In April, hackers stole $11.2 million worth of Binance Coin from DeFi platform Elephant Money.
Cream Finance was hit by three different flash loan attacks in 2021, costing the DeFi platform $130 million in October, $37 million in February, and another $29 million in August.
Blockchain analysis firm Chainalysis said at least $2.2 billion was stolen from DeFi protocols in 2021. Last month, Ronin Network announced that hackers had stolen more than $500 million of cryptocurrency, making it one of the largest attacks ever.
Ronghui Gu, co-founder of crypto security firm CertiK, told The Record that the flash loan attack used by the hacker in this incident was specific and surprising in many ways.
“This kind of complicated exploit highlights the ever-changing frontier of crypto security,” Gu said.
“This is a reminder that hackers are always finding new ways to use old tricks, and for web3 to become a truly secure ecosystem, it requires both the web3 security industry and the projects themselves to become better at predicting, not just reacting to, attacks.”