Cream Finance, a decentralized finance (DeFi) lending protocol, suffered its second flash loan attack this year, with the perpetrators draining more than $25 million.
- The attack was first reported by PeckShield in a tweet early on Monday. The blockchain security firm pointed to Ethereum records showing at least $6 million were drained at 5:44 UTC.
- The root cause of the incident was lending of AMP tokens, Cream Finance Product Manager Eason Wu said on Discord. Other assets on Cream are secure, he said.
- AMP token contracts allowed for a reentrancy attack, the same type of exploit used in the infamous DAO hack.
- Flash loan attacks take advantage of one of DeFi’s most controversial features: loans that do not require collateral.
- Cream Finance lost $37 million in the attack earlier this year.
UPDATE (AUG. 30, 9:13 UTC): Updates value, adds details from Cream Finance tweet.
STORY CONTINUES BELOW
Recommended for you:
UPDATE (AUG. 30, 10:22 UTC) Adds updated estimate from PeckShield.