Cream Finance will reimburse users for stolen ETH and AMP through protocol fees

The developers of the decentralized finance (DeFi) protocol Cream Finance have posted a breakdown of the fast credit attack that hit the platform on August 30th. According to the project team, the stolen ETH and AMP will be gradually refunded to users through platform fees.

About 20% of the protocol commissions will be used for this purpose until the debt is fully paid off. Cream will also post collateral to AMP with affected users on Flexa’s digital payments network to secure the debt.

According to the developers’ report, this attack was the first time that Cream Finance suffered a direct hack, losing 462 million AMP tokens and 2,800 ETH. With the help of PeckShield, the project team discovered that the vulnerability was the result of a bug in AMP integration into the protocol.

“To our regret and disappointment, we take responsibility for the error,” the developers said.

Along with the main attack, the protocol team also discovered a smaller mock attack using a Binance transaction history address. The exchange works with the protocol to identify a second attacker.

The project team stated that it is cooperating with the authorities and law enforcement agencies to identify the attacker and bring him to justice “to the fullest extent of the law.” The developers of the cracked protocol also offer the hacker a reward of 10% of the stolen money if he decides to return it.

“If anyone can help identify and provide information leading to the arrest and prosecution of the hacker, we will remit him a reward equal to 50% of all returned money,” the protocol team says.