Solana-Based Protocol ‘Crema Finance’ Exploited for $8.7 Million, Services Suspended

Solana-based liquidity protocol Crema Finance has announced via Twitter that it suffered a US$8.7 million hack and has suspended its services to investigate the incident.

On July 2, Crema Finance announced that it was temporarily halting its services and would update its users as soon as it had more information.

Flashloans Used to Drain Liquidity Pool

Crema is said to be working with blockchain auditing platform OtterSec to investigate the hack. According to OtterSec, the hacker used flashloans from Solend (a Solana-based lending platform) to drain the protocol’s pool.

Apparently, the hacker was able to circumvent Crema’s security procedures by implementing an “on-chain program” and subsequently deploying the flashloans.


The attacker stole over US$400,000 in USDH and US$5 million in USDT, later swapping the tokens for SOL and sending it to an address that currently holds around 69,442 SOL.

Crema Finance is not related to Cream Finance, another DeFi protocol that has suffered multiple exploits in the past.

A day after the incident, Crema claimed to have found the hacker’s Discord account and is now working with third parties to help determine the hacker’s identity.

The hacker allegedly used six flashloans to exploit the protocol. Flashloans are a common instrument in the DeFi ecosystem. Another recent victim of a flashloan exploit was Inverse Finance, an Ethereum-based protocol that lost US$1.2 million.

And about 10 weeks ago, Beanstalk, a credit-based stablecoin also on Ethereum, lost more than US$180 million in a flashloan exploit.

