Crema Finance, a Solana blockchain-based liquidity protocol, lost a large chunk of crypto assets after being breached in a hack attack over the weekend. Crypto assets worth $8.78 million (roughly Rs. 69 crore) were leaked out of Crema Finance after the hacker(s) deployed a smart contract and used it to lend a flash loan and validate liquidity. The smart contract was later suspended to avoid the loss of more funds. The developers of Crema Finance disclosed details about this breach on Twitter.
“The hacker swapped the stolen fund into SOL 69422.9 and USDCet 6,497,738 via Jupiter. The USDCet was then bridged to Ethereum network via Wormhole and swapped to ETH 6064 via Uniswap after that,” the Crema Finance team wrote as part of its elaborate tweet thread.
4) After creating the fake tick account, the hacker circumvented our routined owner check on the tick account by writing the initialized tick address of the pool into the fake account. Txid: https://t.co/X0IneBg9ut
— CremaFinance (@Crema_Finance) July 3, 2022
The hacked funds have been located by the company and are being monitored closely to follow any other movement.
Crema has also teamed-up with relevant security agencies for assistance in the case.
“We’re still open to a communication with the hacker before the time window is closed. Now we are working on the technical fixing and fund tracing simultaneously. Contract will be resumed with issue fixed after the investigation is all done and a resolutionment plan is made,” the company noted.
Launched in January this year, Crema Finance allows liquidity providers to set specific price ranges, add single-sided liquidity and do range order trading on Solana.
In the last two days, the value locked on Crema fell from over $12 million (roughly Rs. 94 crore) to $3 million (roughly Rs. 23 crore), a report by Coindesk said.
Last week, Chainalysis launched a hotline to accept reports of such events. If entities are approached with suspicious crypto payment requests from strangers, they can call up this hotline and register their alerts.
In a blog-post titled ‘Crypto Incident Response’, Chainalysis said that hackers caused thefts and damages of up to $3 billion (roughly Rs. 23,486 crore) from 251 attacks in 2021.
So far in 2022, cyber criminals have stolen over $1.7 billion (roughly Rs. 13,210 crore) in digital assets with Decentralised Finance (DeFi) protocols accounting for 97 percent of the total, a different report by Chainalysis had recently claimed.
The $625 million (roughly Rs. 4,660 crore) Ronin bridge breach in late March and the $320 million (roughly Rs. 2,486 crore) Wormhole attack in February were the main sources of the loot.