DeFi Protocol Crema Finance Loses $8.7 Million to Hackers in Solana’s First Flash Loan Attack
Solana-based concentrated liquidity protocol Crema Finance has lost about $8.7 million worth of assets to hackers in a flashloan attack. This makes it Solana’s first flash loan exploit.
Hacker Steals $8.7 Million from Crema
The Crema team announced the incident on Twitter, noting that they had temporarily suspended the contract and were investigating the hack while promising to share updates as soon as possible.
According to combined data from Solana FM and OtterSec, the attacker stole the funds by exploiting a vulnerability on Crema’s tick account, a dedicated account that stores price tick data in CLMM. Solana FM is an indexer on the Solana network, while OtterSec is a blockchain auditing company. Both firms are working with the Crema team to resolve the issue.
“The hacker started by creating a fake tick account. After creating the fake tick account, the hacker circumvented our routined owner check on the tick account by writing the initialised tick address of the pool into the fake account,” Crema explained.
Next, the attacker managed to take six flashloans from lending protocol Solend, which they used to add liquidity on Crema before draining the pool.
The hacker moved part of the stolen assets to an Ethereum wallet address using Wormhole transfer. All the funds are now in separate wallet addresses on Solana and Ethereum. Crema said the addresses have been blacklisted, and it is working with relevant firms to track the movements of the funds.
Crema Offers $800k Bounty
Crema has also contacted the hacker through an on-chain message, offering an $800,000 bounty if they return the funds within 72 hours. The project also threatened to involve police authorities if the attacker did not comply.
“Now the fund is located and we’ll keep tracking its movements. More and more relevant organisations are providing valuable clues for us. Also, we’re still open to communication with the hacker before the time window is closed,” the project said.
Although Crema’s hack is Solana’s first flashloan attack, the technique is quite common among DeFi hackers. It involves borrowing large amounts of funds from a DeFi lender and using them to trigger a sell-off in the price of a crypto asset. The entire process is speedy, and the hacker could cart away millions without notice.
Last October, an attacker used a flash loan attack to syphon over $130 million from Cream Finance. Similarly, in April, Fantom-based Deus Finance lost over $13 million worth of assets to a flashloan exploit.
~ By William A. Frederick ~
