A flash loan attack that depleted Crema Finance's liquidity reserves caused them to lose over USD 8.7 million in cryptocurrency assets. Crema Finance is a concentrated liquidity protocol developed on the Solana (SOL) blockchain.
On Sunday, the protocol's official Twitter account announced the temporary suspension of the service while they began an investigation after confirming the intrusion.
Crema Finance's Twitter account stated, "Our protocol seems to have recently experienced a cyberattack." We've put the program on hold while we look into it; any updates will be posted here as soon as possible.
The hacker began by setting up a false tick account, which is a specific account used to store price tick data in a concentrated liquidity market maker, according to the team (CLMM). By "putting the initialized tick address of the pool into the bogus account," they were able to prevent the standard "check" procedure.
The hacker then used a contract to increase liquidity to open positions on Crema and borrow a flash loan from borrowing and lending firm Solend.
The legitimate transaction fee data was changed by the counterfeit data, and the hacker finished the heist by claiming a significant fee amount out of the pool, according to Crema Finance. "In CLMM, the calculation of transaction fees mostly rely on the data in tick account," the company added.
Crema Finance was allegedly exploited for USD 8.78 million, including various quantities of USDT, USDH Hubble Stablecoin, and crypto synthesizers, according to a report by Solana explorer SolanaFM.
The project disclosed the hacker's associated addresses while claiming to be following the flow of stolen money.
The group stated that "more and more pertinent organizations are giving us helpful hints, and we're still open to a dialogue with the hacker before the time window is closed."
The company has located the stolen money, and it is constantly watching it for any further movement.
In order to help with the case, Crema has also partnered with the appropriate security organizations.
"Before the time frame closes, we're still open to speaking with the hacker. We are now doing both fund tracing and technical repair at once. After the inquiry is complete and a resolution strategy is developed, the contract will be continued with the problem resolved, the company stated.
Crema Finance, which was introduced in January of this year, enables liquidity providers to define specified price ranges, add single-sided liquidity, and execute range orders on Solana.
According to a Coindesk report, the value locked on Crema decreased over the past two days from over $12 million (approximately Rs. 94 crore) to $3 million (about Rs.
Chainalysis established a hotline to receive reports of such incidents last week. Entities can phone this hotline and report any questionable crypto payment requests they get from unknown parties.
According to Chainalysis, hackers launched 251 assaults in 2021 that resulted in thefts and damages of up to $3 billion (approximately Rs. 23,486 crore).
A different analysis by Chainalysis has previously claimed that over $1.7 billion (approximately Rs. 13,210 crore) in digital assets have been stolen by cybercriminals so far in 2022, with Decentralised Finance (DeFi) protocols accounting for 97% of the total.
The main sources of the loot were the $320 million (approximately Rs. 2,486 crore) Wormhole attack in February and the $625 million (about Rs. 4,660 crore) Ronin bridge breach in late March.