Crema Finance, a DeFi protocol powered by Solana, has announced a forced shutdown. The developers are investigating the circumstances of the hack, which cost the project $6 million.
Reporting a hacker attack appeared on twitter. Details are not yet available. The team engaged the audit firm OtterSec to investigate the exploit.
At OtterSec figured outthat the hacker used Solend’s so-called flash loans to siphon money from the protocol’s pools. The attacker used his own on-chain program, which he previously deployed on the protocol.
He then used flash credits to trigger three key instructions in the Crema smart contract: DepositFixTokenType, Claim, and WithdrawAllTokenTypes. With their help, he replenished and withdrawn the same amount plus additional tokens.
Crema Finance co-founder Henry Du confirmed that an investigation was already underway.
“We are working with some security professionals and have already secured support from Solana, Solscan, Etherscan and other projects. We will update the information on twitter and keep you updated.”
In addition, the Crema team sent hacker with an on-chain message to his Ethereum address.
It was not possible to identify the attacker, because he deactivated the program immediately after the hack.
In anticipation of official versions, crypto tweeter has already begun its own investigation with might and main. The community discovered a wallet belonging to a hacker. It currently has 69,422.89 SOL worth $2.3 million. Another user claimsthat the attacker is already laundering money.
At the time of publication, several Solana-based protocols such as Solend, Port Finance, and Solscan have expressed their willingness to help the affected project.
The temporary suspension of services appears to be an attempt to prevent a hacker from draining the pools. Some experts claim that a hacker withdrew 90% of liquidity from some pools of Crema Finance.
Crema Finance Just Received $5.4M
The hack comes two weeks after Crema Finance raised $5.4 million in a private funding round. It was led by the Qiming Venture Partners venture capital fund, and Everest Ventures Group, AGE Fund, Big Brain Holdings, Summer Capital were also among the investors.
Crema Finance is not connected to the decentralized protocol Cream Finance, which in 2021 lost more than $150 million due to hacker attacks.
Stay in touch! Subscribe to World Stock Market at Telegram.