Solana-based liquidity protocol Crema Finance has announced via Twitter that it suffered a US$8.7 million hack and has suspended its services to investigate the incident.
On July 2, Crema Finance announced the temporary halting of services and that it would update its users as soon as it had more information:
Flashloans Used to Drain Liquidity Pool
Crema is said to be working with blockchain audits platform OtterSec to investigate the hack. According to OtterSec, the hacker used Solend (a Solana-based lending platform) flashloans to drain the protocol’s pool.
Apparently, the hacker was able to circumvent Crema’s security procedures by implementing an “on-chain program” and subsequently deploying the flashloans.
The attacker stole over US$400,000 in USDH and US$5 million in USDT, later swapping the tokens for SOL and sending it to an address that currently holds around 69,442 SOL:
A day after the incident, Crema claimed to have found the hacker’s Discord account and is now working with third parties to help detect the hacker’s identity:
The hacker allegedly used six flashloans to exploit the protocol. Flashloans are a common instrument in the DeFi ecosystem. Another recent victim of a flashloan exploit was Inverse Finance, an Ethereum-based protocol that lost US$1.2 million.
And about 10 weeks ago, Beanstalk, a credit-based stablecoin also on Ethereum, lost more than US$180 million in a flashloan exploit.
The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.