Months after losing $25 million to the cold hands of hackers, Cream Finance has suffered yet another major attack. On Wednesday, a malicious actor made away with over $100 million worth of funds in a fresh loan attack.
The attack was first discovered by blockchain data analytics company PeckShield. The majority of the stolen funds were Cream liquidity provider tokens, along with other Ethereum-based tokens.
#FlashLoanAlert https://t.co/XzAvHqoINN— PeckShield Inc. (@peckshield) October 27, 2021
For clarity, in a flash loan attack, a malicious actor exploits vulnerable smart contracts in order to create arbitrage opportunities. This is done by flooding the contract with loaned tokens that usually results in a change in the relative value of a trading pair.
This is not the first time Cream Finance is the victim of a DeFi attack. According to BTC PEERS, the platform lost a whooping sum of $25 million in a flash loan attack back in August. It later resorted to repaying users with protocol fees after identifying the AMP (OTC:AMLTF) integration error that caused the loss.
The protocol took to Twitter (NYSE:TWTR) to alert its followers of the attack. However, the comments on the thread were filled with several angry responses that highlighted Cream’s poor track record when it comes to securing user assets.
We are investigating an exploit on C.R.E.A.M. v1 on Ethereum and will share updates as soon as they are available.— Cream Finance