Security has always been a sore point for Defi projects with a lot of attacks. Crema Finance – the liquidity aggregator platform on Solana has recently become a victim of hackers when attacked. The initial amount of damage was estimated at $8.7 million.
Crema Finance urgent announcement
As updated in a previous article by Coincu News, on the morning of July 3, Crema Finance made an emergency announcement on Twitter to warn users about the project being attacked and forced to suspend operation for processing.
As confirmed by Crema, the damage from the attack was about $8.7 million.
Currently, Crema is still trying to fix the problem, and at the same time cooperates with parties such as Etherscan, Solana to put the hacker’s wallet list on the blacklist, tracing the money flow.
Crema Finance claims to give the hacker 72 hours to return the money and is allowed to keep $800,000 as a bug bounty reward. If not, the project claims to invite the law to investigate and track down the culprit.
About how hackers attack, Crema currently does not have accurate information. Through the collected data, xNFT account Pierre Arowana has a rough explanation on Twitter.
To attack Crema Finance, the hacker used a flash loan tool on Solend, borrowed an amount of money and then deposited it into the pool. Hackers took advantage of deposit, claim and withdrawal orders to withdraw money. The key here is that the hacker can claim the fee from the pool “comfortably” (usually only those who provide liquidity can claim it, and claim the fee according to the amount divided by the liquidity supply ratio).
xNFT Pierre Arowana considers this to be a fundamental error on Solana, when the account is not fully authenticated, leading to hackers being able to create fake data to manipulate the project.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews