Crema Finance Hacker Returns $7.6 Million, Keeps $1.6 Million as Bounty
After exploiting the tick accounts of Solana-based concentrated liquidity protocol Crema Finance to steal nearly $9 million, the hacker has returned over $7 million to the project, keeping the remainder as a bounty reward.
Crema Hackers Returns Stolen Funds
Since the hack, Crema has been negotiating a bounty with the hacker to give back the funds. The project has confirmed that the negotiation was successful, and the attacker has returned $7.6 million in four transactions. However, the hacker has kept 45,455 SOL worth $1.68 million as a white hat bounty.
“After a long negotiation, the hacker agreed to take 45455 SOL as the white hat bounty. Now we have confirmed the receipt of 6064 ETH + 23967.9 SOL in four transactions indicated below. A follow-up compensation plan will be released in 48h,” the project said.
CryptoSavingExpert reported earlier this week that the hacker exploited a vulnerability on Crema Finance using a flashloan attack, making it the first flashloan hack on the Solana network. Investigations into the incident revealed that the attacker executed six flashloans from Solana-based lending protocol Solend after creating multiple fake tick accounts on Crema.
Following the hack, the concentrated liquidity protocol reached out to the attacker via an on-chain message to negotiate the return of the stolen assets. Crema had initially offered an $800,000 bounty if the attacker returned the stolen funds. The project also threatened to involve the police and use legal force if the hacker did not comply. Both parties have now reached a compromise.
Not Every DeFi Project is Lucky Enough
Unlike Crema Finance, not every DeFi project is lucky enough to get a refund from hackers. For instance, Harmony Protocol recently suffered a security breach that led to the theft of $100 million worth of assets.
Although Harmony offered a $1 million bounty for the return of the funds, the attackers showed no interest and have started covering their tracks through the use of crypto mixers. Shortly after the bounty offer, the hacking group moved $21 million worth of assets to Tornado Cash. The gang has now transferred the entire 85,837 ETH from the wallet address used for the hack.
Harmony protocol is working with authorities, including the FBI, to identify the criminals.
~ By William A. Frederick ~
