DeFi protocol Cream Finance has been hacked for more than $130 million. The exploit was highlighted by PeckShield, who identified a large flash loan transaction that was used to carry it out.
According to blockchain records, $92 million was stolen into one address and $23 million into another, alongside other funds taken. The funds are now being moved around to different wallets.
The funds stolen were mostly in Cream LP tokens and other ERC-20 tokens. Cream LP tokens are tokens you receive when you deposit funds into the Cream pools.
The price of cream (CREAM) has plummeted following the news, down from $152 to $111 in minutes — a 27% drop — according to CoinGecko.
According to the exploit transaction, the hacker left a somewhat unusual message. They wrote, “gÃTµ Baave lucky, iron bank lucky, cream not. ydev : incest bad, dont do.” This appears to refer to DeFi lending platforms Aave and Iron Bank, along with Cream Finance.
Cream Finance is a decentralized lending protocol built on the Ethereum blockchain. The protocol has notably suffered multiple flash loan attacks in its history, losing $37.5 million in February and then another $18.8 million in August.
Today’s hack is the third largest DeFi hack in history, according to Rekt’s leaderboard (although both of the two bigger hacks had funds returned).
This will bring the total amount of funds stolen in DeFi attacks above $500 million (graph not yet updated).
This story has been updated to show the amount of funds stolen was higher than initial estimates.
For more breaking stories like this, make sure to follow The Block on Twitter.
© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.