Decentralized lending platform Cream Finance appears to have suffered a serious exploit on Wednesday, with an attacker stealing more than $ 100 million in funds via a major flash loan attack.
Blockchain data analytics firm PeckShield first identified the instant loan attack on Wednesday. The committed funds were primarily Cream liquidity tokens, as well as other Ethereum-based tokens.
– PeckShield Inc. (@peckshield) October 27, 2021
During a flash loan attack, an attacker exploits vulnerable smart contracts to create his own arbitrage opportunity. Typically, this is done by modifying the relative value of a trading pair by flooding the contract using its borrowed tokens.
Cream Finance has been a routine target of attackers, as evidenced by the $ 19 million hack of a protocol flash loan in August. As Cointelegraph reported at the time, the attack was facilitated by a reentry bug introduced by the Amp token.
This story is still in development.