Cream Finance Flash Loan Attacker Replaces 500,000 DAIs with ETHs, Reports Say

According to reports, according to CertiK monitoring, the Cream Finance Flash Loan attacker 0x70747df6AC244979A2ae9CA1e1A82899d02bbea4 has replaced an additional 500000 DAIs with ETHs. Cream Finance was hacked in June last year and lost approximately $8.8 million.

Cream Finance Flash Loan Attackers have swapped another 500000 DAIs for ETH

In June 2020, Cream Finance, the Decentralized Finance (DeFi) lending and borrowing platform, was attacked and lost approximately $8.8 million. Since then, the platform has undergone multiple security upgrades to prevent such occurrences. However, recent reports show that the attacker, identified as 0x70747df6AC244979A2ae9CA1e1A82899d02bbea4, has returned and replaced an additional 500,000 DAIs with ETHs. In this article, we will explore the Cream Finance attack, how it was executed, and what measures the platform has taken to prevent future attacks.

The Cream Finance Attack: A Recap

In June 2020, the Cream Finance platform was attacked by an unknown hacker who exploited a loophole in the platform’s flash loan feature. Flash loans are uncollateralized loans that are processed instantly, allowing borrowers to borrow up to thousands of dollars worth of crypto without the need for collateral. The hacker took advantage of this feature and borrowed large sums of crypto, which they used to manipulate the price of a low-volume token on a decentralized exchange. They then repaid the loan, realizing huge profits in the process.
According to reports, the attacker manipulated the pricing of multiple tokens, including YFI, BAND, and Ampleforth, among others. As a result of the attack, Cream Finance lost approximately 25,000 ETHs, 179,000 AMPs, and 1.4 million USDTs, among other cryptocurrencies.

How the Attack Was Executed

The attacker executed the attack in two phases. In the first phase, they borrowed 500,000 DAI from Aave, an Ethereum-based DeFi lending platform, and deposited it into Cream Finance. They then borrowed ETHs worth more than 4,000 ETHs from Uniswap, a decentralized exchange, using the DAI as collateral. With the borrowed ETHs, the attacker manipulated the price of a low-volume token on another decentralized exchange, making huge profits. They then repaid the loan from Uniswap and withdrew the 500,000 DAI from Cream Finance.
In the second phase, the attacker repeated the same process, this time with multiple tokens, including BAND, YFI, and Ampleforth, among others. They borrowed large sums of each token, manipulated the price, and then repaid the loan, realizing huge profits.

Cream Finance’s Response

After the attack, Cream Finance took several measures to prevent future attacks. The platform implemented a new smart contract, Cream V2, which includes multiple security upgrades, such as timelocks and access control lists, among others. Additionally, the platform is working to have a fully integrated formal verification system that ensures smart contract safety.

Conclusion

The recent attack on Cream Finance is a reminder of the growing threats to DeFi platforms. The attacker was able to manipulate the price of multiple tokens and make huge profits, highlighting the need for DeFi platforms to prioritize security measures. While Cream Finance has taken measures to prevent future attacks, it is up to other platforms to follow suit and implement similar security upgrades to ensure the safety of user funds.

FAQs:

1. Can the attacker be identified?
– The attacker has been identified as 0x70747df6AC244979A2ae9CA1e1A82899d02bbea4.
2. What measures has Cream Finance implemented to prevent future attacks?
– Cream Finance has implemented multiple security upgrades, such as timelocks and access control lists, among others, in their new smart contract, Cream V2.
3. How much did Cream Finance lose in the June 2020 attack?
– Cream Finance lost approximately $8.8 million in the June 2020 attack.