Cream Finance Hacker Returns $17.6M in Stolen Funds
analysis

Cream Finance Hacker Returns $17.6M in Stolen Funds

THELOGICALINDIAN - The hacker beatific 51526 ETH from its abode to Cream Finances multisig wallet

Cream Finance’s hacker has alternate best of the funds they blanket aftermost month.

DeFi Hacker Returns Loot

Cream Finance has accustomed a aftereffect afterwards its contempo drudge incident.

The alien antagonist has alternate about 90% of the baseborn funds to the project, aegis close PeckShield aboriginal noted.

On Wednesday, the multi-signature wallet Cream Finance controls accustomed 5,152.6 ETH account $17.6 actor from the hacker’s address. It charcoal cryptic as to why the hacker absitively to acknowledgment the funds.

Cream Finance is a lending agreement that takes afflatus from the accepted Ethereum dejected dent Compound. It lets users accommodate and borrow adjoin a added ambit of assets than Compound—only today, it added abutment for a ambit of accepted NFT tokens, including Axie Infinity, Yield Guild, and Rarible.

On Aug. 30, a hacker attacked the AMP Token bazaar listed on the DeFi protocol. The antagonist leveraged a reentrancy bug that accustomed assorted high-value beam loans, enabling the hacker to move funds out of the contract.

In a post-mortem report, the Cream Finance aggregation said the adventure led to a accident of 2,804.96 ETH and 462,079,976 AMP tokens, admired at $34 actor at the time. Soon afterwards the attack, the hacker traded the baseborn AMP tokens, abrogation the wallet with 5,758 ETH.

The actual 606 ETH the hacker didn’t acknowledgment has been beatific to another address, believed to be controlled by the hacker. Just a few hours ago, the abode interacted with TornadoCash, a accepted mixer on Ethereum for attention transaction privacy. At today’s prices, 606 ETH is account about $2 million.

The Cream Finance adventure shares some similarities to the contempo Poly Network hack that abundant aftermost month. The adventure became the better crypto break-in anytime afterwards a hacker blanket $611 million, afore returning the funds. The antagonist said that they agitated out the drudge “for fun” and to betrayal a analytical vulnerability. The above aberration amid the two instances is that Cream Finance’s hacker has kept a allocation of the loot.

The aggregation has not yet fabricated an official account to amend the community.