Cream Finance loses $25 million in another security breach


TL;DR Breakdown

  • Cream Finance has suffered another security breach that drained about $25 million in AMP and ETH.
  • The incident was the result of a “reentrancy bug” in the AMP token contract.

For the second time in six months, popular decentralized lending protocol Cream Finance has suffered an attack, this time due to a “reentrancy bug,” according to blockchain security and data analytics company PeckShield. The protocol’s development team confirmed the incident on Twitter, noting that AMP tokens and Ether (ETH) were lost.

Cream Finance attack

In what PeckShield described as a flash loan attack, the CREAM v1 market on the Ethereum blockchain was exploited early today due to a reentrancy bug in the AMP token contract. The hacker exploited the bug to “re-borrow assets during its transfer before updating the first borrow.”
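
The ordering problem PeckShield describes, shown as an added example in a simplified Python model (not Cream Finance's or AMP's contract code). The class names, the amounts and the assumption that the token calls back into the recipient during a transfer are constructed for illustration; the model contrasts recording the debt after the transfer with recording it before.

```python
# Simplified model, constructed for illustration; not Cream's or AMP's code.
class HookToken:
    """Token that notifies the recipient during transfer (assumed behaviour)."""
    def __init__(self):
        self.balances = {}

    def transfer(self, sender, recipient, amount):
        assert self.balances.get(sender, 0) >= amount, "insufficient balance"
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        hook = getattr(recipient, "on_receive", None)
        if hook:
            hook(amount)  # external call: control leaves the pool here

class LendingPool:
    def __init__(self, token, liquidity, safe):
        self.token, self.safe = token, safe
        self.debt = {}   # borrower -> recorded debt
        self.limit = {}  # borrower -> borrow limit derived from collateral
        token.balances[self] = liquidity

    def borrow(self, borrower, amount):
        if self.debt.get(borrower, 0) + amount > self.limit.get(borrower, 0):
            raise ValueError("exceeds borrow limit")
        if self.safe:
            # Hardened: update state first, then make the external call.
            self.debt[borrower] = self.debt.get(borrower, 0) + amount
            self.token.transfer(self, borrower, amount)
        else:
            # Vulnerable: the hook runs while recorded debt is still stale.
            self.token.transfer(self, borrower, amount)
            self.debt[borrower] = self.debt.get(borrower, 0) + amount

class ReenteringBorrower:
    """Recipient whose hook calls borrow() again, up to `depth` times."""
    def __init__(self, pool, amount, depth):
        self.pool, self.amount, self.depth = pool, amount, depth

    def on_receive(self, _amount):
        if self.depth > 0:
            self.depth -= 1
            try:
                self.pool.borrow(self, self.amount)
            except ValueError:
                pass  # hardened pool rejects the nested borrow

def run(safe):
    """Return (tokens received, recorded debt) for a borrower limited to 100."""
    token = HookToken()
    pool = LendingPool(token, liquidity=1000, safe=safe)
    borrower = ReenteringBorrower(pool, amount=100, depth=3)
    pool.limit[borrower] = 100
    pool.borrow(borrower, 100)
    return token.balances[borrower], pool.debt[borrower]
```

With the vulnerable ordering, every nested call passes the limit check because the first borrow has not yet been recorded; with the hardened ordering, the nested call is rejected.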