Decentralized lending protocol Cream Finance has suffered a flash loan attack, losing over $130 million worth of various crypto assets. This was the third successful hack against the popular DeFi project in the past year.

  • Cream Finance has confirmed it suffered an exploit this Wednesday through a flash loan attack, compromising mostly Cream LP tokens and other ERC-20 coins.
  • Blockchain security firm PeckShield was the first to identify the attack. Data from blockchain explorer Etherscan shows $132 million was stolen from the C.R.E.A.M v1 marketplace on Ethereum, later sent to two different wallets.
  • The flash loan involved 68 different assets and cost around 9 ETH in gas. At press time, the attacker now holds $92 million worth of various tokens on its contract, and $22 million are held by the contract creator’s address.

#FlashLoanAlert https://t.co/XzAvHqoINN

— PeckShield Inc. (@peckshield) October 27, 2021

  • The price of CREAM plunged -27% minutes after the attack, down from $152 to $111, according to data from CoinGecko.
  • This is the third time Cream Finance has suffered a security breach this year alone. As CryptoPotato reported on August 30, the lending protocol was hacked through reentrancy on the AMP token contract, losing an estimated $25 million in AMP coins and ERC-20 tokens.
  • This is not only Cream Finance’s biggest hack – it’s the third-largest in DeFi history, according to some estimations. While Rekt’s leaderboard has not been updated, this hack moves EasyFi’s $59 million exploit to the 4th spot, while Poly Network and Compound remain the leaders of the board.