ETH protocol Cream Finance hacked for more than $130 million
![LOL LOL](https://substackcdn.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2F5e5c61c4-fcc5-4bff-b7bc-c0cc59b871c1_1838x848.png)
Defi lending protocol CREAM Finance has been exploited for $130M. This is the third-largest attack that has occurred in defi space. Sources say that the attacker had made a $117M gain on the exploit.
C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. Users passively holding ETH or BTC can deposit their assets on C.R.E.A.M. to earn yield, similar to a traditional savings account. It is the latest example of hackers finding loopholes in open-source code using flash loans meaning the loans that are executed without collateral as long as they’re repaid in one blockchain block.
The attacker wrote a message in the transaction “gÃTµ Baave lucky, iron bank lucky, cream not. ydev : incest bad, dont do.” This appears to imply that CREAM’s Iron Bank is untouched.
The community has discussed shorting the CREAM token as a way of recovering some of the lost money. The CREAM token had a 25% decline from $156.85 to $116.68 yesterday. The protocol has had at least three other breaches. In the most recent one, $23M was lost due to a bug.
“We are investigating an exploit on C.R.E.A.M. v1 on Ethereum and will share updates as soon as they are available,” the CREAM Twitter account.