According to the decentralized finance (defi) protocol Crema Finance, the application was hacked on July 2, 2022. A Twitter account called “Solanafm” says the defi protocol lost around $6.7 million from the attack.
Crema Finance wrote on Saturday on their Twitter handle. “Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP.”
Crema Finance is a concentrated liquidity market maker (CLMM) algorithm built on top of Solana and the Twitter account @solanafm explained the defi app suffered an exploit. “On 2nd July, a vulnerability in the ticks account caused an exploit on Crema Finance for a total amount of $8,782,446,” Solanafm tweeted.
“We worked closely with the Crema team alongside [Ottersec] to break down the movement of the stolen funds following the exploit,” Solanafm added. Ottersec is a blockchain auditing firm that has audited various blockchain smart contracts and infrastructure.
Solanafm says that the hacker siphoned the funds via “6 flash loans on” the Solend Protocol. The attacker also leveraged the Wormhole Exchange to gather the stolen funds.
“Currently, all of the stolen funds are held in the hacker’s ETH wallet and [the] initial SOL wallet,” Solanafm’s Twitter thread concluded.
According to a blockchain auditing firm, OtterSec, the hacker used Solend flash loans to drain the protocol pools. The attacker first deployed their on-chain program, so they could use the flash loans.
Then they used the flash loans to call “three key instructions on the Crema contract: DepositFixTokenType, Claim, and WithdrawAllTokenTypes.” With these, they could deposit and withdraw the exact amount they deposited plus additional tokens.
Hacker remains unidentified
Unfortunately, the hacker’s identity remains unknown, as they disabled the program immediately after the exploit. Additionally, the co-founder of Crema Finance, Henry Du, confirmed that an investigation had started.
The Crema team has also reached out to the hacker via an on-chain message to the hacker’s Ethereum address.
The address that allegedly belongs to the hacker has been blacklisted, offering the bad actor an $800,000 bounty. Whoever hijacked the protocol has 72 hours to come forward to become a white hat. Otherwise, Crema Finance threatens to contact law enforcement officials and start an official investigation to identify the hacker.
Crema Finance just raised $5.4 million
The attack comes only two weeks after Crema Finance raised $5.4 million in a private funding round. Qiming Venture Partners led the funding round, which also included Everest Ventures Group, AGE Fund, Big Brain Holdings, Summer Capital, etc.
Crema Finance is not related to Cream Finance, the decentralized finance protocol that lost over $100 million to flash loan attacks in 2021.
Conclusion
The Solana network has had it rough this year with the series of hacks and exploits on the chain itself. The protocols built on it have suffered. According to a report by Atlas VPN, the Solana ecosystem suffered five hack attacks in 2022 Q1 at the cost of $397 million. The Wormhole hack was the most significant, as it resulted in a loss of $334 million. Also, this year, hackers carted away over $52 million through the hack of Cashio, a Solana-based stablecoin project.
Solana Ecosystem should work on its security as the rate of hacks increases and this might prevent investors from investing in the ecosystem or even withdrawing their remaining investment since it seems they lack security.