On 30th of August 2021, around 04:03 AM UTC an exploit occurred, which targeted the Cream Finance DeFi platform on the Ethereum blockchain. The exploiters stole AMP and ETH tokens with a total value of around 29 million USD.
In the latest example of the dangers of decentralized finance – even with extensive code audits – the attacker used a reentrancy bug in the AMP currency, adding AMP tokens to Cream Finance’s platform, according to Peckshield, a blockchain security company.
This loophole enabled the attacker to re-borrow assets during the transfer before updating the first borrow. This was then repeated 17 times (listed below) and enabled the hacker to fraudulently obtain 418,311,571 AMP and 1,308.09 ETH (worth $25.1 million and $4.15 million, respectively, at the time of the attack).
Most of the transactions were made by sending them directly to miners – to bypass the mempool, making the exploit faster, thus preventing the hacker from being exposed too early.
The attack began during ETH block 13124591 and ended during block 13125193, lasting for over two hours. Cream Finance claimed it stopped the attack by pausing supply and borrowing in the AMP token.
Had Cream Finance not stopped the attack, a great deal more funds could have been lost. Currently, Cream Finance’s TVL (Total Value Locked) stands at $616 million, according to DeFi Pulse. Besides the CREAM token, AMP is Cream Finance’s largest supplied market, accounting for 9.5% of the platform’s Ethreum blockchain (Cream Finance also operates on the BSC, Polygon and Fantom chains), and its largest borrowing market – at 27.2% of the total.
Coinfirm conducted an analysis of all of the attacker’s addresses using clustering algorithms but found no other addresses linked to other exploits. It is common for hackers to create new addresses used for just one attack so that more attacks are not attributed to one entity – lessening the chance of identification – although in the past Coinfirm found a hacker that had struck BSC’s Eleven Finance and Impossible Finance days apart using the same address as a recipient of stolen funds.
On Monday 30th August at 9 am, CREAM traded at $181.70. 24 hours later the price had dropped to $161.40, a -10.7% drawdown.
This is not the first time Cream Finance has been attacked. In February 2021 attackers used Cream Finance’s Iron Bank protocol-to-protocol lending platform to hack Alpha Finance for $37.5 million using a fake contract. None of Cream Finance’s user funds were stolen in that attack, however, the token did retrace further, by -23.5% from $285.50 to $218.50.
During the attack, a number of Miner Extractable Value (MEV) bots took advantage of the arbitrage opportunity that the hacker created.
What is Miner Extractable Value (MEV)?
Regular transactions made by less experienced users, using lower, average fees go to the mempool first. It’s a base of transactions waiting for approval by the miners. Transactions with higher fees get verified first, whilst ones with lower fees have to wait. An issue is they (the ones with lower fees) might get front-runned, meaning if someone else spots a transaction (for example a DEX swap) they can create a transaction with a higher fee to prevent or at least affect the transaction in the mempool.
MEV bots are thus algorithms run to seek to benefit from arbitrage opportunities within blocks by front-running transactions.
The Addresses and Smart Contracts
A total of 4 addresses were used to generate the smart contracts in the attack, with one taking the lion’s share of the funds.
Download the Enhanced Risk Report of the Cream Finance attacker’s main address – 0xcE1F4B4F17224ec6df16Eeb1e3e5321c54Ff6EDe – with $24.4 million of fraudulently obtained funds still present.
The address in the report above created a total of 18 smart contracts; 0xbd51Cb8c06F768d3225b613B79B1386F4c83D1FA, 0x862c8b2e8eA56760Ea1d4301eeEC131f493052ba, 0xa63d4dE7B8e56eA26C7537BFd619Cc6ea043932A, 0x4A82E7979a78E03a06d6C3117f3C83966d72fdeC, 0x203e6E1B54f768dB740770c4Ac23b70CCe1BC67E, 0x2Ab93b65AA461209de902Fb9264484C84e32aD9b, 0x8Ea53Ff4d57c5692140d13524497f797184641Cd, 0xb513Fdb93b2657821281879cA14a6253E4E2B360, 0x2E95B91FA678b47660aBA811B74a28Ca1F4ED111, 0x3292818dB514DA53C566dfb791b12a4F78462D54, 0xFe543106A3d997A2DA35Ef51b6efaA80067e806E, 0xc51bdC9aeBBa23aEA787D6e535e2725448D36e65, 0x4287230914dCd9b686b52e53f2EF476BAf8e5a19, 0xBc82aB5A82235bb0166668CbB1C2B3a07cb99624, 0xB2d6cDFC19904Ef4a207D0075a6E3C9B1A0fA64E, 0x2f2E34aA31Dd97FcA044071FFB1E3E258865c2cA, 0x5567Ca4FCBB866DaDd40f0F8f61Daa755225E868, 0x38c40427efbAAe566407e4CdE2A91947dF0bD22B, 0x0ec306D7634314D35139d1dF4A630d829475A125.
Another address, 0x8036EbD0Fc9C120BA0469ffCB27b204AA06aaF1F, used smart contracts; 0x32d77947aACa79FE5485560C16090721725f2B84 and 0xaB9e4aE445b441868345431D0e5bA1bfdDd70244.
The third and fourth addresses, 0x6510438A7E273e71300892c6faf946aB3B04CbCb and 0x8bf84Ecaff833f8eB65b81970503453a05B79231, used the smart contracts; 0x18C0cA3947E255881f94DE50B3a906Fc2759F7FE and 0x9ECf90d03592E5443146Ebaa3B5D4cE0E7be9A19.
Coinfirm has added these addresses to our illicit crypto database and is monitoring the path of the stolen funds. So far, around ~200 of the 1,308.09 ETH has been sent through an Ethereum mixer, a platform built to obfuscate funds on the blockchain (Coinfirm’s monitoring tools are able to detect funds that have passed through these systems). Other funds have been sent to various DEXs, whilst the rest remains in the attacker’s other addresses.