{"id":332242,"date":"2021-08-30T12:34:47","date_gmt":"2021-08-30T09:34:47","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/%e2%80%8b%e2%80%8bcream-finance-defi-platform-loses-19m-in-a-flash-loan-hack\/"},"modified":"2021-08-30T12:34:47","modified_gmt":"2021-08-30T09:34:47","slug":"%e2%80%8b%e2%80%8bcream-finance-defi-platform-loses-19m-in-a-flash-loan-hack","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/%e2%80%8b%e2%80%8bcream-finance-defi-platform-loses-19m-in-a-flash-loan-hack\/","title":{"rendered":"# \u200b\u200bCream Finance DeFi platform loses $19M in a flash loan hack"},"content":{"rendered":"<p>&#8220;<strong># \u200b\u200bCream Finance DeFi platform loses $19M in a flash loan hack <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDgvZDFiMGVmMTctMzZhMy00ZDFhLThiZTQtNDA0MmE0NjFmZWUxLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Cream Finance, a major decentralized finance (DeFi) protocol focused on lending, has suffered a major exploit, with a hacker stealing nearly $19 million from its platform.<\/p>\n<p>An unknown hacker has <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/peckshield\/status\/1432249600002478081?s=20\">managed<\/a> to gain $18.8 million in the latest flash loan exploit of the Cream Finance protocol through a reentrancy bug introduced by the Amp (AMP) token, according to an investigation by blockchain security firm Peckshield.<\/p>\n<p>Announcing the <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> Monday, Cream Finance said that the protocol has stopped the exploit by pausing supply and borrow contracts on the AMP token. \u201cNo other markets were affected,\u201d Cream Finance stated.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract.<\/p>\n<p>We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected.<\/p>\n<p>\u2014 Cream Finance  (@CreamdotFinance) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CreamdotFinance\/status\/1432249771750686721?ref_src=twsrc%5Etfw\">August 30, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>Peckshield specified that the hacker exploited the AMP token by re-borrowing assets during its transfer before updating the first to borrow in 17 separate transactions. Providing an example transaction, the security firm <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/peckshield\/status\/1432250680799027204?s=20\">stated<\/a>,\u00a0\u201cThe hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.\u201d<\/p>\n<p>\u201cThe funds are still parked in 0xCE1F\u2026.6EDE. We are actively monitoring this address for any movement,\u201d Peckshield added, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0xa9a1b8ea288eb9ad315088f17f7c7386b9989c95b4d13c81b69d5ddad7ffe61e\">providing<\/a> the hacker&#8217;s address.<\/p>\n<p>AMP is an Ethereum-based token that is designed to collateralize payments on the digital payments network Flexa. The AMP token contract implements ERC77-based registry smart contract known as ERC1820. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/eips.ethereum.org\/EIPS\/eip-1820\">Introduced<\/a> in 2019, the ERC1820 standard defines a universal registry smart contract where any address \u201ccan register which interface it supports and which smart contract is responsible for its implementation.\u201d<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Beleaguered DeFi project xToken suffers second major exploit since May<\/em><\/strong><\/p>\n<p>Following the attack, both the AMP token and the Cream Finance&#8217;s native token CREAM saw a notable price drop, with AMP plummeting nearly 13% over the past 24 hours. At the time of writing, the AMP token is <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.coingecko.com\/en\/coins\/amp\">trading<\/a> at\u00a0$0.051908, while the CREAM token is trading at\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.coingecko.com\/en\/coins\/cream\">$167<\/a>, down around 5% over the past 24 hours, according to data from CoinGecko.<\/p>\n<p>As previously reported by Cointelegraph, DeFi product Alpha Homora in February suffered a $37 million hack exploited using Cream\u2019s Iron Bank protocol-to-protocol lending platform.<\/p>\n<p>The latest flash loan exploit comes amid the increasing amount of hacks and exploits among both centralized and decentralized cryptocurrency platforms. On Aug. 28, Bilaxy crypto exchange suffered a major hot wallet hack leading to 295 ERC-20 tokens being compromised. Liquid\u00a0lost nearly $100 million in a hack that took place on Aug 19.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more News articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/cream-finance-defi-platform-loses-19m-in-a-flash-loan-hack\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# \u200b\u200bCream Finance DeFi platform loses $19M in a flash loan hack &#8221; Cream Finance, a major decentralized finance (DeFi) protocol focused on lending, has suffered a major exploit, with a hacker stealing nearly $19 million from its platform. An unknown hacker has managed to gain $18.8 million in the latest flash loan exploit of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":332243,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDgvZDFiMGVmMTctMzZhMy00ZDFhLThiZTQtNDA0MmE0NjFmZWUxLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74983,74868,74882,75434,70944,72287,4965],"class_list":["post-332242","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-decentralization","tag-defi","tag-hacks","tag-smart-contracts","tag-hackers","tag-security","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/332242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=332242"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/332242\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/332243"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=332242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=332242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=332242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}