
Crema Hacker Returns $8 Million After Accepting $1.6 Million Bounty

By: Mohadesa Najumi
Updated: Jul 7, 2022, 11:54 UTC

Crema Finance has reached a deal with the hacker who drained the platform of nearly $8 million

Key Insights:

  • The hacker stole nearly $8 million worth of crypto through a flash loan attack.
  • Crema Finance temporarily suspended withdrawals in response to the hack.
  • The hacker has since returned 6,064 ETH and 23,967 SOL tokens.

Crema Finance, a concentrated liquidity protocol based on Solana, was compromised last week by hackers who drained the platform of $8.78 million worth of crypto in a flash loan attack.

The project temporarily suspended services in a bid to prevent the hacker from draining out its liquidity reserves, which included the funds of the service provider and investors. Crema Finance also contacted law enforcement authorities and launched an investigation.

$1.6 Million Bounty

The team behind the protocol offered the attacker a generous 16.7% of the $9.6 million Crema lost initially.

However, the hacker was able to negotiate a larger bounty of 45,455 Solana (SOL) tokens, worth roughly $1.6 million, in exchange for returning around $7.6 million worth of stolen crypto.

More specifically, the hacker returned 6,064 Ethereum (ETH) and 23,967 SOL in a series of transactions on the Ethereum and Solana networks. The first transaction on each network was a test with a negligible amount of coins, while the following one carried the majority of the funds sent.

New Measures

Since the hack, the team has submitted new code for auditing to ensure that a recurrence of this exploit does not take place. The protocol will become fully functional once the audit is complete, with a compensation plan for affected users expected to be issued by July 8.

The project noted that the hacker was able to get away with the funds after taking out a flash loan from the Solend decentralized finance (DeFi) lending protocol, which was then added as liquidity to a Crema pool.

The hacker then fabricated pricing data to make it seem as though they were owed a much bigger reward than they really were, allowing them to take a large ‘fee amount’ worth around $9.6 million from the pool.

A flash loan attack is a type of DeFi hack where a cyberthief takes out a flash loan, a form of uncollateralised lending, from a lending protocol and then manipulates the price of a crypto asset on one exchange to quickly resell it on another one.

Such attacks, which are the most common type of DeFi attack since they are the cheapest to pull off and easiest to get away with, can occur in mere seconds. They have been consistently making headlines since DeFi’s surge in popularity in 2020 and appear to be growing more rampant, with several hundred million dollars of losses to date.

Last month, Crema Finance successfully closed a $5.4 million private fundraising round led by Qiming Venture Partners.

About the Author

Mohadesa Najumi is a British writer who has worked within crypto, forex, financial technology, and the stock market industry. Mohadesa received her MSc in Political Science and International Relations at the University of Amsterdam.
