Thief milks CREAM Finance for $18m+ in cryptocurrency after spotting security bug

CREAM Finance, a decentralized loan platform, lost at least $18m in cryptocurrency on Monday to an unidentified thief.

The biz's name stands for Crypto Rules Everything Around Me, which evidently overstates the lending operation's control over its funds.

"CREAM v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the Amp token contract," the company said via Twitter, adding that it had blocked the exploit by pausing supply and borrow contracts for the AMP token.

Currently, those values translate to about $23m in AMP and $4.4m in ETH but prices have been fluctuating. PeckShield, a security firm that has been looking into the incident, estimated the theft at $18.8m.

Taiwan-based CREAM Finance, not to be confused with Latvia-based Cream Finance, offers loans. One way it does so is through "Flash Loans."

Flash Loans, the company explains in its documentation, provide those developing smart contracts with brief access to "undercollateralized loans" – the borrowed amount and a fee must be returned within one blockchain transaction block (about 15 seconds).

DeFi is based on the notion of what optimists refer to as smart contracts – financial operations governed by code rather than human brokers. Among the various risks of trusting one's funds to clever code is what's known as a reentrancy attack, which is when a contact function calls an external function that interferes with data affecting the operations of the calling function.

A very expensive bug

"The hack is made possible due to a reentrancy bug introduced by Amp, which is an ERC777-like token and exploited to re-borrow assets during its transfer before updating the first borrow," PeckShield explained via Twitter.

According to PeckShield, the crook made a 500 ETH Flash Loan and deposited the funds as collateral, then borrowed 19m AMP and exploited a reentrancy bug to re-borrow 355 ETH inside the Amp token transfer function, and finally self-liquidate the borrowed amount.

By repeating this process 17 times, the crypto-robber was able to gain 5,980 ETH, worth about $19m.

• OK, so you stole $600m-plus from us, how about you be our Chief Security Advisor, Poly Network asks thief
• $600m in cryptocurrencies swiped from Poly Network
• US senators reach last-minute compromise on cryptocurrency regulations as infrastructure bill vote looms
• US proposes tracking digital cash and taxing it to pay for, you know, roads and stuff

ERC777 defines an Ethereum token contract interface that works with the ERC20 token interface. The Amp token was designed to work on the Flexa payment network for the purpose of securing digital asset payments. A June 2020 audit of the Amp token indicates that a recommendation to modify Amp to make it safer from reentrancy attacks was adopted.

In a Twitter post on Monday, the Amp Project suggested its technology was not to blame. "Recently, a flash loan exploit was used to liquidate Amp on Cream Finance," the group said. "After an initial review, we believe the Amp contract is functioning as intended. We are working closely with [CREAM Finance] to investigate further and will provide additional details as soon as possible."

A separate audit of CREAM [PDF] by Trail of Bits from January 2021 identified two significant issues related to centralization of control and poor documentation of its technology.

Back in February, a DeFi product called Alpha Homora, to help people earning better interest on their crypto holdings, lost $37m in a heist that took advantage of CREAM's Iron Bank lending platform.

CREAM Finance's value is down about 6 per cent in the last 24 hours, with its cryptocurrency-based market cap at $102m. ®