Solana-Based Protocol ‘Crema Finance’ Exploited for $8.7 Million, Services Suspended

Solana-based liquidity protocol Crema Finance has announced via Twitter that it suffered a US$8.7 million hack and has suspended its services to investigate the incident.

On July 2, Crema Finance announced the temporary halting of services and that it would update its users as soon as it had more information:

🚨🚨Attention! Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP.

— CremaFinance (@Crema_Finance) July 3, 2022

Flashloans Used to Drain Liquidity Pool

Crema is said to be working with blockchain audits platform OtterSec to investigate the hack. According to OtterSec, the hacker used Solend (a Solana-based lending platform) flashloans to drain the protocol’s pool.

Apparently, the hacker was able to circumvent Crema’s security procedures by implementing an “on-chain program” and subsequently deploying the flashloans.

The attacker stole over US$400,000 in USDH and US$5 million in USDT, later swapping the tokens for SOL and sending it to an address that currently holds around 69,442 SOL:

@Crema_Finance was recently hacked for over $6M. Unlike previous attacks, this hacker used Solend flashloans to drain the pool. We’re working closely with the Crema team to help resolve this issue.

In the meantime, we’ll be sharing what we know about the exploit 🧵 pic.twitter.com/5NjovZtAEb

— OtterSec (@osec_io) July 3, 2022

Crema Finance is not related to Cream Finance, another DeFi protocol that has suffered multiple exploits in the past.

A day after the incident, Crema claimed to have found the hacker’s Discord account and is now working with third parties to help detect the hacker’s identity:

New progress: According to the clues provided by our partners, we found the suspect discord account of the hacker that he/she was using during the hacking incident. We're approaching relevant parties to get more information that may help with the detection.

— CremaFinance (@Crema_Finance) July 4, 2022

The hacker allegedly used six flashloans to exploit the protocol. Flashloans are a common instrument in the DeFi ecosystem. Another recent victim of a flashloan exploit was Inverse Finance, an Ethereum-based protocol that lost US$1.2 million.

And about 10 weeks ago, Beanstalk, a credit-based stablecoin also on Ethereum, lost more than US$180 million in a flashloan exploit.