The Cream Finance project lost over $34 million in crypto after a hacker exploited a flaw in its market system.
Cream Finance is a DeFi (decentralized finance) lending platform that enables individuals to borrow cryptocurrency. Its assets are backed by a variety of fiat and cryptocurrency stakes.
The incident took place on August 31 and resulted in the theft of over 462,079 in AMP tokens and 2,804 in ETH tokens. This is equal to over $34 million in total.
In an analysis of the attack carried out with PeckShield cybersecurity company, the attacker identified an issue in how the platform integrated AMP, which could be exploited and result in a reentrancy bug.
“While unfortunate and disappointing, we take ownership of the error,” the developers said.
The platform is working with law enforcement to find the attacker, as well as the second “copycat” individual who might have been involved and has a transaction history with Binance.
AMP supply and borrow functions have been suspended until a patch is deployed. The organization will also replace the stolen ETH and AMP fees with 20% of fees refunded.
Cream stated if the attacker would like to return the stolen money, they can keep 10% and do so without any consequences. And if a platform user can provide a lead that leads to the attacker’s arrest, 50% of the stolen funds would be offered as a reward.
If both offers are unsuccessful, the company will cooperate fully with law enforcement authorities.
The platform was hit by another cyberattack earlier this year. That time, it lost $37.5 million after a hacker exploited a flaw in its payment system via IronBank.
The cryptocurrency sector is no stranger to high-profile thefts. Earlier this month, the platform Poly Network revealed that an attacker had stolen over $610 million in cryptocurrency. The thief, who was identified as Mr. White Hat, eventually returned the funds, for which they earned a reward from the company.