Crema Finance, a Solana-based concentrated liquidity protocol, temporarily halted its operations to investigate an exploit that drained more than $8.78 million worth of cryptocurrencies.
Crema hack recap
According to an update provided by the company, it all started with a vulnerability in Tix. The hacker took out six flash loans from Solend pools and used Wormhole Exchange to deposit the stolen funds. Solend, for its part, was not affected, and its funds are safe. To access the flash loans, the hacker first deployed their own on-chain program, which was shut down shortly after the exploit.
To limit the impact, Crema suspended the smart contract after the exploit. It said it is working closely with several experienced security firms and related organizations to monitor the movement of the hacker's funds.
The attacker swapped the stolen funds for 69422.9 SOL and 6,497,738 USDCet via Jupiter, after which the USDCet was bridged to the Ethereum network via Wormhole and shortly thereafter converted to 6,064 ETH via Uniswap.
Both the Solana and Ethereum addresses of the attacker have been blacklisted. The team behind the DeFi protocol contacted the attacker via an on-chain message sent to their Ethereum address, which read:
“To the Crema Hacker: Your addresses have been blacklisted on both Solana and Ethereum and all eyes are on you right now. You have 72 hours from now to become a white hat and consider keeping $800k as a reward, and transfer the remaining funds back to our contract-update-authorization address.”
Crema said it would take the legal route if the attacker declined the offer. With the funds located, the platform said it will continue to track their movements.
Until the time window closes, the team will also remain open to communication with the hacker. At present, it is working on technical fixes as well as fund tracing. Crema will renegotiate the contract after the investigation is complete, and a “resolution plan” will be put in place.
Continued attacks on DeFi
Attacks on DeFi have been rampant since the sector boomed in 2020, with North Korea leading the world in such crime. One of the notorious organizations that has been at the center of many such attacks is the government-backed Lazarus Group.
The state-funded hacking group is believed to have stolen millions of dollars, which are then funneled into the national defense budget, for example to fund missile or nuclear tests. Currently, the DPRK’s massive cyber program is targeting Web3 and DeFi, according to several US government agencies.