Decentralized lending platform Cream Finance appears to have suffered a severe exploit on Wednesday, with an attacker stealing over $100 million worth of funds through a large flash loan attack.
Blockchain data analytics company PeckShield first identified the flash loan on Wednesday. The compromised funds were mainly Cream LP tokens, as well as other Ethereum-based tokens.
#FlashLoanAlert https://t.co/XzAvHqoINN
— PeckShield Inc. (@peckshield) October 27, 2021
During a flash loan attack, an attacker exploits vulnerable smart contracts in order to create their own arbitrage opportunity. Typically, this is done by modifying the relative value of a trading pair by flooding the contract using their loaned tokens.
Cream Finance has been routinely targeted by attackers, as evidenced by the $19 million flash loan hack of the protocol in August. As Cointelegraph reported at the time, the attack was facilitated by a reentrancy bug introduced by the Amp token.
This story is still in development.