Hackers of the infamous Cream Finance heist reportedly exchanged roughly 1000 ETH which is worth $1.75 million for 80 RenBTC, blockchain security expert PechShield noted. RenBTC is an ERC-20 token that allows a decentralized representation of Bitcoin within Ethereum.
Twitter users reacted angrily with many questioning the platform’s competencies and its inability to prevent such attacks.
How many times Cream Finance be exploited until we admit people working on the project are imcompetent at least shouldn’t be working on financial products?
The Ethereum-based lending protocol was a target of multiple exploits but the most damaging of them was the $130 million attack in late 2021.
The incident caused a massive trust deficit for ream Finance in the crypto circles and which eventually made an impact on the token’s price leading to its near annihilation [ CREAM tokens plummeted by over 90%.
Prior to that, in Feb 2021, the DeFi protocol was attacked in a similar manner where bad actors stole $35 million. Following that, Cream Finance’s native token tanked by 30% in just one hour.
Then in August, Cream Finance suffered the second hack that resulted in the attacker stealing more than 418 million in AMP, the Flexa Network’s native token, and approximately 1,300 Ethereum.
Hackers Prefer Flash loans Attack To Gain Access To Funds
Flash loans have been known to be the most preferred choice among hackers to conduct exploits on decentralized finance [DeFi] systems. These loans allow investors to borrow unsecured funds from lenders using smart contracts instead of third parties.
This year, another most outrageous flash loan attack was the Beanstalk heist. The stablecoin protocol was drained of $182 million. Next, in June, two more crypto platforms suffered similarly – Inverse Finance and Nirvana.
Just recently, an Avalanche-based lending protocol Nereus Finance fell victim to a well-planned hack that saw hackers secure $371,000 worth of USD Coin [USDC] using a smart contract exploit.
After the incident, Nereus Finance released a detailed post-mortem of the incident explaining the hacker was able to deploy a custom smart contract that utilized a $51 million flash loan from Aave to artificially inflate the Avalanche pool price for a single block.
The bad debt was reportedly paid off from the team’s treasury, as told by the Nereus in the report.