News

Cream Finance appears to have suffered major loss in flash loan hack

Decentralized lending platform Cream Finance appears to have suffered a severe exploit on Wednesday, with an attacker stealing over $100 million worth of funds through a large flash loan attack.

Blockchain data analytics company PeckShield first identified the flash loan on Wednesday. The compromised funds were mainly Cream LP tokens, as well as other Ethereum-based tokens.

During a flash loan attack, an attacker exploits vulnerable smart contracts in order to create their own arbitrage opportunity. Typically, this is done by modifying the relative value of a trading pair by flooding the contract using their loaned tokens.

Cream Finance has been routinely targeted by attackers, as evidenced by the $19 million flash loan hack of the protocol in August. As Cointelegraph reported at the time, the attack was facilitated by a reentrancy bug introduced by the Amp token.

This story is still in development.