According to reports, Cream Finance has likely been exploited, with withdrawals from the Iron Bank temporarily being suspended as well. While details were sparse at press time, the protocol refused to clarify whether it had indeed been exploited. In fact, Cream Finance’s only update was that it is currently investigating a “potential exploit.”
Many in the crypto-community are speculating that the attackers in the present case made off with 13k ETH, with the figures amounting to over $23 million, at the time of writing.
The exploit reportedly involved arbing the Iron Bank contracts on Cream Finance. The contract address allegedly responsible for the attack was funded through Tornado Cash – a method commonly used by hackers to anonymously launder funds. Tornado Cash improves transaction privacy by breaking the on-chain link between the source and destination addresses.
On-chain data suggests that the address in question has started sending several ETH through Tornado Cash, in addition to 1000 ETH, to Alpha Homora Deployer, 1000 ETH to Cream Finance, and 100 ETH to Tornado’s grant.
As of six hours ago, the Cream Iron Bank had $6.1 billion of $AAVE locked, along with $1.07 billion of $CREAM.
The Iron Bank, which was launched as a part of CREAM v2, is intended to be CREAM’s paradigm-shifting protocol-to-protocol lending platform and liquidity backstop for the entire DeFi ecosystem.
The price of the $CREAM token dipped sharply as soon as the development first came to light. In fact, it fell by over 30% in one hour from $288 to $193, following news of the potential exploit.
This article will be updated…
Sign Up For Our Newsletter