The decentralized finance (defi) protocol Crema Finance reported that its application was hacked on July 2, 2022. According to a Twitter account named “Solanafm”, the defi protocol suffered a loss of $8.7 million as a result.
Crema Finance Vulnerability Leads to Defi App Losing Millions — 6 Flashloans Applied
Another defi protocol has been compromised by hackers. The Solana liquidity application revealed it was attacked on Saturday, July 2, 2022.
“Attention,” Crema Finance wrote on Saturday. “Our protocol appears to have been hacked. We have temporarily suspended the program, and we are currently investigating. We will share any updates here as soon as possible.”
Crema Finance is a concentrated liquidity market maker (CLMM) algorithm built on top of Solana. The Twitter account @solanafm described the vulnerability in the defi app. “On July 2nd, a vulnerability was discovered in the ticks account, which allowed for an exploit on Crema Finance, totaling $8,782,446,” Solanafm tweeted.
Solanafm said that the Crema team and Ottersec worked together to stop the stolen funds from being moved. Ottersec, a blockchain auditing company, has audited many blockchain smart contracts.
Solanafm claims that the hacker took the funds through “6 flash loans on the Solend Protocol.” To steal the funds, the attacker used the Wormhole Exchange.
Solanafm’s tweet concluded that “currently, all of the stolen money is held in the hacker’s Ethereum wallet as well [as the] initial SOL wallet.”
Ottersec also published a thread about the Crema Finance exploit and flash loans. Ottersec stated that in order to use flash loans, the attacker needed to create their own on-chain program. “Unfortunately, the exploit forced the attacker to close this program quickly.”
“The flashloan calls three key instructions on the Crema contract: ‘DepositFixTokenType,’ ‘Claim,’ and ‘WithdrawAllTokenTypes.’ The attacker is [then] able to deposit and then withdraw the same amount of tokens, while receiving additional tokens from the claim instruction,” Ottersec added.
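The instruction sequence Ottersec describes can be turned into a monitoring heuristic for defenders. The Python below is an added example, not code from Crema, Ottersec or the original article; the `Ix` record layout, the `in_flash_loan` flag, the "FlashLoan" label and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Instruction names exactly as quoted from Ottersec in the article.
DEPOSIT, CLAIM, WITHDRAW = "DepositFixTokenType", "Claim", "WithdrawAllTokenTypes"

@dataclass
class Ix:
    """Hypothetical decoded-instruction record (not a real Solana schema)."""
    name: str
    pool: str
    amount: int                  # tokens moved by this instruction
    in_flash_loan: bool = False  # assumed flag: ran inside a flash-loan callback

def suspicious_round_trips(tx):
    """Return [(pool, deposited, claimed)] for every pool where, inside a
    flash loan, a deposit is followed by a Claim and then a withdrawal of the
    same amount. Heuristic: a position opened and closed in one transaction
    has had no time to earn fees, so a nonzero claim deserves an alert."""
    open_trips = {}  # pool -> [deposited, claimed] while the round trip is open
    hits = []
    for ix in tx:
        if not ix.in_flash_loan:
            continue
        if ix.name == DEPOSIT:
            open_trips[ix.pool] = [ix.amount, 0]
        elif ix.name == CLAIM and ix.pool in open_trips:
            open_trips[ix.pool][1] += ix.amount
        elif ix.name == WITHDRAW and ix.pool in open_trips:
            deposited, claimed = open_trips.pop(ix.pool)
            if ix.amount == deposited and claimed > 0:
                hits.append((ix.pool, deposited, claimed))
    return hits

# Constructed sample transactions; pools and amounts are illustrative only.
TX_FLAGGED = [
    Ix("FlashLoan", "-", 1_000_000),          # hypothetical label for the loan
    Ix(DEPOSIT, "pool-A", 1_000_000, True),
    Ix(CLAIM, "pool-A", 250_000, True),
    Ix(WITHDRAW, "pool-A", 1_000_000, True),
]
TX_PLAIN_CLAIM = [Ix(CLAIM, "pool-A", 120)]  # ordinary claim, no flash loan
TX_NO_CLAIM = [                               # round trip without a claim
    Ix(DEPOSIT, "pool-B", 500, True),
    Ix(WITHDRAW, "pool-B", 500, True),
]

if __name__ == "__main__":
    for label, tx in [("flagged", TX_FLAGGED), ("plain claim", TX_PLAIN_CLAIM),
                      ("no claim", TX_NO_CLAIM)]:
        print(label, suspicious_round_trips(tx))
```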