By
Bhushan Akolkar
March 27th, 2024
The weakness in security infrastructures from Cream Finance and other recently hacked DeFi protocols has continued to dampen the sentiments surrounding the sector.
The hacker(s) that exploited Cream Finance in one of the historic flash loans attacks in one of the Decentralized Finance (DeFi) ecosystems to date is notably moving the funds to launder. Blockchain data analytics and security firm, PeckShield discovered the movement as shared in a Twitter post today.
According to PeckShield, the Flashloan Exploiter has swapped approximately 1,000 ETH worth about $1.75 million for 80 renBTC. PeckShield was silent about the exchanges or platforms used for the swap, and it seems the identity of the attacker still remains largely unknown.
It has been a very tumultuous year for Cream Finance as the protocol has experienced about three hacks in the past 12 months. The latest hack involved a $130 million exploit as reported by Coinspeaker back in October.
“Our Ethereum C.R.E.A.M. v1 lending markets were exploited and liquidity was removed on October 27, 1354 UTC. The attacker removed a total of ~$130m USD worth of tokens from these markets,” Cream Finance said in a statement at the time, “With the help of friends from @iearnfinance and others in the community, we were able to identify the vulnerabilities and patch them. In the meantime, we’ve paused our v1 lending markets on Ethereum and we’re in the process of putting together a post-mortem review. We apologize to our users and community for this unfortunate incident and thank you for your support.”
Vulnerability of Cream Finance
While not the only DeFi protocol that has been hacked in recent times, the unique vulnerability of Cream Finance is beginning to unnerve a lot of industry stakeholders. In reality, the design model of the platform’s flash loan attack makes it more susceptible to attacks, but many believe the team is not competent enough to wade off these consistent attacks.
Following the PeckShield update of the fund transfer from the latest hack, a Twitter user @Pierre_crypt0 posted a question saying;
“How many times cream can be exploited until we admit people working on the project are imcompetent\at least shouldn’t be working on financial products?”
How many times cream can be exploited until we admit people working on the project are imcompetentat least shouldn’t be working on financial products ?
— Pierre (⛷️,⛷️) – I'll never DM you first (@pierre_crypt0) September 12, 2022
The weakness in security infrastructures from Cream Finance and other recently hacked DeFi protocols has continued to dampen the sentiments surrounding the sector. While these vulnerabilities take different formats, the comparison of DeFi or crypto-related innovations to those from the traditional financial sector has remained flawed.
While critics are not disputing the ingenious innovation that accompanies the DeFi and the emerging Web3.0 ecosystem, more creative security infrastructure is advocated in a bid to protect consumers and the broader crypto industry.
