$8.78M stolen as a result of DeFi startup Crema Finance hack
Decentralized finance protocol startup Crema Finance has temporarily suspended its services after a hacker stole $8.78 million in cryptocurrency from the company.
Crema offers a concentrated liquidity market maker, or CLMM, protocol that provides services to traders and crypto liquidity providers. Liquidity protocols offer a solution to illiquid markets by giving liquidity providers rewards for swapping illiquid cryptocurrencies. The company’s core service is a concentrated liquidity market maker that uses an enhanced algorithm to drive decentralized trading.
Crema reviewed the details of the hack on Sunday on Twitter, explaining that the hacker started by creating a fake “hash account”, a type of account that stores price index data in the CLMM. The hacker then circumvented Crema’s owner verification on the account by writing the initial group hash address into the fake account.
In the second step, the hacker deployed a contract and used it to take out a quick loan from Solana to add liquidity on Crema to other open positions. In the CLMM, the transaction fee is calculated from the data in the hash account, but in this case the hacker had replaced the original transaction fee data with fake data. The hacker was then able to claim a fee from the aggregator for the spurious transaction.
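The difference between the check that was bypassed and a stricter one can be sketched in code. This is an added example, not Crema's contract code: every name and value in it is hypothetical, and it assumes the bypassed verification compared only an address stored inside the account's data rather than the owner recorded by the runtime.

```rust
// Added illustration with hypothetical names; not Crema's contract code.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
struct Pubkey(u8); // one byte stands in for a 32-byte address

// Simplified view of an on-chain account passed to a program.
struct Account {
    owner: Pubkey,    // program the runtime records as owner; only it may modify the data
    pool_ref: Pubkey, // data field: the pool this account claims to belong to
    fee_data: u64,    // data field: figure that fee payouts are computed from
}

#[derive(Debug, PartialEq)]
enum CheckError { WrongOwner, WrongPool }

// Weak check: only compares a field the account's creator was free to write.
fn fee_basis_weak(acct: &Account, pool: Pubkey) -> Result<u64, CheckError> {
    if acct.pool_ref != pool { return Err(CheckError::WrongPool); }
    Ok(acct.fee_data)
}

// Hardened check: the owner recorded by the runtime must be this program
// before anything stored inside the account is trusted.
fn fee_basis_strict(acct: &Account, program_id: Pubkey, pool: Pubkey) -> Result<u64, CheckError> {
    if acct.owner != program_id { return Err(CheckError::WrongOwner); }
    if acct.pool_ref != pool { return Err(CheckError::WrongPool); }
    Ok(acct.fee_data)
}

const PROGRAM: Pubkey = Pubkey(1);  // constructed: the protocol's program id
const POOL: Pubkey = Pubkey(2);     // constructed: a pool address
const OUTSIDER: Pubkey = Pubkey(9); // constructed: some other program

// Constructed samples: a genuine account and a look-alike that copies the pool address.
fn genuine() -> Account { Account { owner: PROGRAM, pool_ref: POOL, fee_data: 5 } }
fn lookalike() -> Account { Account { owner: OUTSIDER, pool_ref: POOL, fee_data: 5_000_000 } }

fn main() {
    println!("weak, look-alike:   {:?}", fee_basis_weak(&lookalike(), POOL));
    println!("strict, look-alike: {:?}", fee_basis_strict(&lookalike(), PROGRAM, POOL));
    println!("strict, genuine:    {:?}", fee_basis_strict(&genuine(), PROGRAM, POOL));
}
```

The weak check accepts the look-alike account and its inflated fee figure, while the strict check rejects it on ownership before reading any of its data.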
Upon discovery of the vulnerability, Crema suspended all smart contracts and worked closely with professional security institutes and related organizations to track the movements of hacker funds.
Crema was able to trace the stolen funds as the hacker swapped them into Solana and USDCet via the Jupiter swap pool. The USDCet was then exchanged for Ethereum via the decentralized crypto exchange Uniswap.
The wallets holding the funds taken from Crema have been identified so that all movements can be tracked.
“It couldn’t be more horrible to see this happen, especially at such a buoyant time for Crema,” the company wrote. “We are now working on technical fix and money tracking simultaneously. Contract [sic] The problem will be resumed after investigation is completed and resolved [sic] The plan has been drawn up.”
The company also indicated that it was still open to contact from the hacker before taking further action, suggesting that Crema would be happy simply to have the stolen funds returned.
Crema is not the first DeFi company to be hacked. In what is believed to be the largest DeFi hack to date, $600 million in cryptocurrency was stolen from Poly Network, which provides the funding platform, in August.