Solana-based concentrated liquidity protocol Crema Finance announced that it would temporarily suspend its services to investigate a exploit who stole more than $6 million from the protocol.
The announcement was made earlier today via Twitter, adding that he will communicate more updates soon. In addition, the team has secured the services of the auditing firm blockchain OtterSec to investigate the exploit.
Attack through flash loans
According to blockchain auditing firm OtterSec, the hacker used flash loans from Solend to drain the protocol pools. The attacker first implemented his program on-chainto be able to use flash loans.
They later used flash loans to call “three key instructions in the Crema contract: DepositFixTokenType, Claim, and WithdrawAllTokenTypes.” With these, they could deposit and withdraw the exact amount they deposited plus additional tokens.
Additionally, Crema Finance co-founder Henry Du confirmed that an investigation has been launched:
“We are working with some security companies and got support from Solana, Solscan and Etherscan etc. We will continue to post any updates via the official Twitter account.”
The Crema team also contacted the hacker via an on-chain message to his Ethereum address.
The identity of the hacker remains unknown
Unfortunately, the identity of the hacker remains unknown, as disabled the program immediately after the exploit.
The crypto community on Twitter is active in its investigation while awaiting official investigations. The community has identified a wallet that belongs to the hacker. Currently contains 69,422.89 SOL equivalent to 2.3 million dollars. Another user claimed that the attacker was already laundering the money.
So far, several Solana-based protocols like Solend, Port Finance, and Solscan have expressed their support and willingness to help.
The temporary suspension of services appears to be an attempt to prevent the hacker from depleting their reserves. But some in the community have said that the hacker stole about 90% of the liquidity in some pools of Crema Finance.
Cream Finance had raised $5.4 million
The attack comes just two weeks after Crema Finance raised $5.4 million in a private funding round. Qiming Venture Partners led the funding round, which also included Everest Ventures Group, AGE Fund, Big Brain Holdings, Summer Capital, etc.
Cream Finance is not linked to Cream Finance, the decentralized finance protocol that lost more than 100 million due to flash loan attacks in 2021.
Disclaimer
All information contained on our website is published in good faith and for general information purposes only. Any action that the reader takes on the information found on our website is strictly at their own risk.