DeFi protocol CremaFinance milked for $8.7 million

This weekend, Solana’s CremaFinance liquidity network was hacked for over $8.7 million, according to the platform Monday.

The attack follows from an exploit in the decentralized finance platform’s tick account, according to a Crema Tweet. The tick account is used to manage liquidity on the platform and monitor user deposits.

“The attack was conducted by manipulating a price oracle to generate an illiquidity event in the CREMA/SOL pool,” the update said. “This allowed the attacker to claim all of the liquidity in the pool, as well as the CREMA rewards associated with it.”

At the time of writing, it’s not clear how the attacker was able to manipulate the price oracle. The platform is currently investigating the matter.

All user funds are safe and there is no need to take any action, Crema says. The team is working on a security update and will provide more information in the coming days.

This is not the first time DeFi protocols have been attacked. In June, DeFi lending platform dForce lost $25 million to an attacker who exploited a flaw in its smart contract. And in July, DeFi protocol LendMe was hacked for $150,000

Once they had established the phony account. The hacker was able to “circumvent” a standard security check, resulting in millions of dollars in crypto being withdrawn.

The Solana-based protocol announced a brief outage, stating that it had engaged the aid of the world’s top security firms in investigating the exploit.

“The hacker swapped the stolen fund into 69422.9SOL and 6,497,738 USDCet via Jupiter. The USDCet was then bridged to the Ethereum network via Wormhole and swapped to 6064ETH via Uniswap after that,” Crema said in a tweet.

In 2022, the attack on Crema is one of many DeFi attacks reported by Chainalysis. Which claims that about 97% of crypto attacks in Q1 were linked to DeFi.

The DeFi industry has seen immense growth in recent months. With the total value locked in DeFi protocols reached a record $79 billion in mid-May.

This growth has been accompanied by an increase in hacks and exploits. As DeFi protocols become more attractive targets for malicious actors.

Crema is a decentralized lending and borrowing platform. That allows users to collateralize their crypto assets and take out loans in USDC. The protocol was launched in March 2021 and has since amassed over $8 million in TVL.

The attacker first gained control of the Crema smart contract by acquiring a large number of CRM tokens. Which are used to stake and vote on governance decisions.

Once the attacker had a majority of tokens, they were able to modify the contract’s code and mint themselves $8.7 million in USDC.

Losses like the $615 million stolen on Axie Infinity’s Ronin bridge; the $320 million theft from Wormhole; the $181 million Beanstalk flash loan assault. And the $30 million Optimism hack are among the billions taken so far this year from protocols.

Over $3.6 billion has been lost to hackers in the last year, with barely over $1.1 billion restored, according to the REKT Database. DeFi protocols accounted for $1.4 billion of the funds lost, with $351 million returned.

The DeFi space has been marred by a series of high-profile hacks and scams this year, totaling billions of dollars in losses.

Among the most notable have been the $8.7 million heist from DeFi protocol CremaFinance. The $615 million theft from Axie Infinity’s Ronin bridge, the $320 million Wormhole attack, and the $181 million Beanstalk flash loan attack.

These hacks have called into question the security of DeFi protocols, with some calling for greater regulation in the space.

However, many in the DeFi community believe that the industry is still in its early stages. And that these hacks are to be expected as the ecosystem matures.

What is your take on this? Share your thought with us!