According to Crema Finance, a decentralized finance (defi) protocol, its application was hacked on July 2, 2022. According to the Twitter account called “Solanafm,” the defi protocol lost approximately $8.7 million in the attack.
Crema Finance vulnerability causes defi apps to lose millions of dollars – 6 Flashloans executed
Another Defi protocol lost funds to hackers, as the Solana liquidity application announced it was attacked on Saturday, July 2, 2022.
“Attention,” Crema Finance wrote on Saturday. “It appears that our protocols have just experienced a hack. We have temporarily suspended our program and are investigating it. An update will be shared here ASAP.”
Crema Finance is a concentrated liquidity market maker (CLMM) algorithm built on top of Solana, and the Twitter account @solanafm explained that the defi app had been exploited. “On July 2, a vulnerability in the ticks account caused a total of $8,782,446 in exploits at Crema Finance,” Solanafm tweeted.
“We worked closely with the Crema team alongside [Ottersec] to break down the movement of stolen funds following the exploit,” Solanafm added. Ottersec is a blockchain auditing firm that audits various blockchain smart contracts and infrastructure.
Solanafm said the hackers siphoned off funds through “six flash loans” via the Solend protocol, which is a blockchain protocol that allows for the transfer of funds from one blockchain to another. Attackers also took advantage of Wormhole exchanges to collect stolen funds.
“Currently, all of the stolen funds are stored in the hacker’s ETH wallet and [early] SOL wallet,” Solanafm’s Twitter thread concluded.
Ottersec also published a thread about the Crema Finance exploit and flash loans. “In order to take advantage of the flash loan, the attacker had to deploy his own on-chain program,” Ottersec stated. “Unfortunately, the program was shut down soon after the exploit.”
“The flash loan invokes three main instructions on the Crema contract: ‘DepositFixTokenType’, ‘Claim’, and ‘WithdrawAllTokenTypes’. The attacker can [then] deposit and then withdraw the same amount of tokens while receiving additional tokens from the claim instruction,” Ottersec added.