A major hack has roiled the decentralized finance community as a black hatter made off with some 18 million in AMP and ETH tokens, utilizing a “reentrancy bug” on the Cream finance platform.
That’s not the lion’s share of Cream’s $658 million held in assets, but it’s a significant amount.
Helen Partz at Cointelegraph reports the hacker used something called a “flash loan” that involves re-borrowing on the platform, essentially running numbers in a way that exploits time sensitivity inherent in the platform.
“The hacker makes a flashloan of 500 ETH and deposit the funds as collateral,” spokespersons for the security firm PeckShield explain, in Partz’ coverage. “Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.”
In taking AMP tokens, the hacker was utilizing a defi asset that is made to collateralize payments on the Flexa platform.
“Amp is an extensible platform for collateralizing asset transfers,” write spokespersons on the AMP web site. “By staking Amp, any form of value exchange can be guaranteed: digital payments, fiat currency exchange, loan distributions, property sales, and more… Amp also simplifies network reward distribution once a transfer is complete. The Amp smart contracts offer a variety of built-in incentive models, including micro-distributions and continuous compounding.”
The Cream hack didn’t happen in a vacuum and it’s not the only one of such incidents that experts have to look at to determine how to protect defi assets today.
“As previously reported by Cointelegraph, DeFi product Alpha Homora in February suffered a $37-million hack, which exploited Cream’s Iron Bank protocol-to-protocol lending platform,” Partz writes. “On Saturday, Bilaxy crypto exchange suffered a major hot wallet hack leading to 295 ERC-20 tokens being compromised. Liquid lost nearly $100 million in a hack that took place on Aug 19.”
Keep an eye out for news on how defi hacks change the landscape of the crypto/defi market.