Decentralized finance (DeFi) project Cream Finance (CREAM) confirmed that they’ve suffered an exploit today.
"C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract," the team said.
This is currently worth around USD 25.5m.
The project further said that they have stopped the exploit by pausing supply and borrow on AMP, and that no other markets were affected.
Blockchain analytics and security firm PeckShield assisted with the investigation, they said.
According to journalist Colin Wu, there were a total of 17 transactions and 2 attackers.
In March this year, Cream Finance urged their users to stay away from the website as it had been hit with so-called DNS-hijacks. They said at the time that their "DNS has been compromised by a third party; some users are seeing requests for seed phrase on http://app.cream.finance. DO NOT enter your seed phrase."
Cream Finance’s latest tweet promises an incoming post-mortem.
At 8:46 UTC Monday morning, CREAM is trading at USD 168. It’s down nearly 5% in a day and 7.5% in a week.
– Another DeFi Hack: PancakeSwap, Cream Finance Websites Compromised
– A Tale of Two Hacks: Poly Hacker Bows Out, Liquid to Restore Operations
– Tether Frozen in Poly Hack Returned to Owners, Fuelling Centralization Debate
– 4th Major DeFi Hack In A Month: Origin Dollar Loses USD 7m