Hackers Steal $130 Million From Cream Finance in the Third Hack This Year

Written by Supriyo Chatterji
Published on October 28, 2021

Cream Finance, one of the Yearn finance ecosystem’s DeFi (decentralized finance) protocols, has been hacked for $130 million on October 27. The hackers tore away from its Cream Liquidity Pool tokens and other ERC-20 tokens. The first of these two constituted the bulk of primary cryptocoin stolen in this attack. The hackers stole $117 million via flash loan attacks as per the Peckshield.

A few hours later, Cream took Twitter to say "With the help of friends from @iearnfinance and others in the community, we were able to identify the vulnerabilities and patch them. In the meantime, we've paused our v1 lending markets on Ethereum and we're in the process of putting together a post-mortem review."

After the theft, all the stolen Cream LP tokens were changed to DAI and USDC. They were given two payments of $92 million and $23 million and sent over several crypto wallets. Meanwhile, in consequence, the $CREAM token dropped almost 30% within one hour from $152 to $111. Cream Finance is yet to release an official statement on the incident but they have acknowledged the attack and are looking into Ethereum-based CREAM v1 protocol.

In August, Gary Gensler, head of the US Securities and Exchange Commission, recommended installing regulations a few weeks prior. He predicted even more damaging attacks on trading platforms in the future if regulatory mechanisms are not put in place.

The Cream Finance platform has been hacked twice before. The previous incident was in early August, which resulted in the theft of about $37.5 million and $18.8 million. Another attack in February 2021 cost the platform $37 million.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: