The long-suffering DeFi protocol Cream Finance fell victim to a hacker attack. Yes, once again. This time, a vulnerability in the code allowed scammers to steal $130 million in cryptocurrency.
The Twitter-account PeckShield was the first to report the attack on Cream Finance, which is based on the Ethereum blockchain. The user drew attention to a large fast lending transaction that was carried out on the Cream Finance platform. Cream LP tokens and Ethereum-based tokens were withdrawn.
The fraudster took advantage of a vulnerability in the mechanism for calculating the price of the pool token yUSD and, using a multi-stage scheme for pumping the price of the pool token, received a multimillion-dollar income, and immediately withdrew it outside the platform.
The Cream Finance team acknowledged the attack and started an internal investigation.
According to The Block, Cream Finance has previously been the victim of similar attacks, which resulted in the theft of nearly $38 million in February and nearly $19 million in August 2021.
The largest hack of the DeFi protocol in the history was a hacker attack on PolyNetwork this year. A hacker stole $600 million worth of crypto tokens.