Decentralized finance protocol Cream Finance said it will use protocol fees to repay users that lost money during Monday’s attack.
- In a postmortem posted on Medium, the Cream Finance team said it is committing one-fifth of protocol fees until affected users have recovered all of their funds.
- The protocol will post collateral with the AMP and Flexa teams until the debt is repaid. Affected users are invited to submit a request through a Google form.
- Cream also revised its Monday estimate of the hack upwards. It said the hackers drained 462,079,976 AMP tokens and 2,804.96 ether, totaling upwards of $33.5 million.
- This is the first time Cream was directly exploited, the post said, probably referring to another attack it suffered earlier this year.
- The team has identified a main exploit and a copycat. The latter has withdrawal history on Binance, so Cream is working with the crypto exchange to identify the copycat. The two stole the funds over 17 transactions.
- Cream is offering its usual bug bounty: If the hacker or hackers comes forward, they can keep 10% of the stolen funds.
- The post confirmed earlier reports that the integration of ERC-777 AMP token contracts in the Cream protocol were the root cause.
- While the AMP market integration took place in February, it was only five days before the attack that a big influx of AMP tokens on Cream made the account profitable, according to the blog post.
- Cream said it will re-deploy AMP borrowing and lending once the vulnerability has been patched.
See also: The Poly Hack and Crypto’s Trust Issues
DISCLOSURE
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.