Hackers have stolen more than $29 million in cryptocurrency assets from Cream Finance, decentralised finance (DeFi) platform.
- Hackers hacked the crypto exchange by exploiting a vulnerability in the AMP token.
- The exchange lost $29 million worth of digital assets to hackers.
Hackers have stolen more than $29 million in cryptocurrency assets from Cream Finance, decentralised finance (DeFi) platform.
Cream Finance is a relatively newer crypto exchange that started in August 2020. The service is live on Ethereum, Binance Smart Chain, and Fantom.
The company confirmed the security breach via Twitter. The blockchain security firm PeckShield first noticed the attack and published a series of Tweets containing evidence of the security breach.
“The AMP token contract implements ERC77-based ERC1820, which has the _callPreTransferHooks for reentrancy. Thank you, @peckshield, for assisting with this investigation.” states the DeFi platform.
According to Cream Finance, attackers conducted a “reentrancy attack” in its “flash loan” feature to steal 418,311,571 in AMP tokens and 1,308.09 in ETH coins.
The term “flash loan” refers to a contract (script) that runs on the Ethereum blockchain that allows Cream Finance users to take quick loans from the company’s funds and then return them at a later date.
Reentrancy attacks consist in withdrawing funds repeatedly before the original transaction is approved or declined or the funds need to be returned.
According to PeckShield, the attackers exploited a bug in the ERC777 token contract interface implemented by Cream Finance to interact with the underlying Etherium blockchain.
Specifically, the attacker pilfered $25.1 million worth of AMP and $4.15 million worth of Ethereum.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?