Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Bitcoin

Hackers Steal $29 Million From Crypto-Platform Cream Finance (therecord.media) 35

Posted by BeauHD from the another-day-another-hack dept.
An anonymous reader quotes a report from The Record, written by Catalin Cimpanu: Hackers are estimated to have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations. The company confirmed the hack earlier today, half an hour after blockchain security firm PeckShield noticed signs of an ongoing attack. Cream Finance said the hacker used a "reentrancy attack" in its "flash loan" feature to steal 418,311,571 in AMP tokens (estimated at around $25.1 million at the time of the hack) and 1,308.09 in ETH coins (estimated at around $4.15 million). The term "flash loan" refers to a contract (script) that runs on the Etherium blockchain that allows Cream Finance users to take quick loans from the company's funds and then return them at a later date.

Reentrancy attacks take place when a bug in these contracts allows an attacker to withdraw funds repeatedly, in a loop, before the original transaction is approved or declined or the funds need to be returned. PeckShield and Tal Be'ery, the founder of cryptocurrency wallet app ZenGo, confirmed that the Cream Finance hacker exploited a bug in the ERC777 token contract interface that's used by Cream Finance to interact with the underlying Etherium blockchain. Be'ery told The Record today that ERC777 has enabled several reentrancy attacks on DeFi online services, which keep relying on the feature despite its history of bad implementations, bugs, and hacks. The ZenGo founder also told The Record that DeFi services need to develop or implement a firewall-like system for their platforms in order to filter malicious requests to their underlying contracts, which are the backbone of their services and the targets of most of these hacks.
This discussion has been archived. No new comments can be posted.

Hackers Steal $29 Million From Crypto-Platform Cream Finance More

Hackers Steal $29 Million From Crypto-Platform Cream Finance

Comments Filter:

  • Smear job. (Score:3)

    by Ostracus ( 1354233 ) on Monday August 30, 2021 @06:57PM (#61746805) Journal

    Something got creamed.

    • Yes indeed. This outcome is surprising on the order of another gigantic data breach that has my ss# and credentials for sale on the dark web.

    • Something got creamed.

      Maybe if Cream Finance used the PeckShield before they got Creamed...

      Or on second thought:

      We're sorry but peckshield_test2.0 doesn't work properly without JavaScript enabled. Please enable it to continue.

      Perhaps not.

  • Wow... so many of these crypto-heists that the operators of these platforms might as well just leave the cash-drawers open and ask people turn off the lights close the door on their way out.

    Security? What's that? :(

    • Great way to cash out. Sorry folks we got hacked your money is gone. Better luck next time. Insert more USD to continue...

      • Re: (Score:2)

        by cusco ( 717999 )

        Wonder how much of the crypto that "disappeared" when Silk Road got shut down ended up in the wallets of the regulators who closed them.

        • Quite a lot iirc the numbers are published as to how much loot the government made. It had to be at least a billion USD.

          • Re: (Score:2)

            by cusco ( 717999 )

            Not the gov't, I was wondering about the regulators themselves. A **LOT** of funds just evaporated into thin air before the government or creditors could grab them.

            • Oh you can be sure anyone that could take did take as much as possible. That is one of the issues with this coin no real accountability, coins get minted, lost, destroyed and now burned. I myself had a couple hundred p3 500 CPUs mining bitcoin back in the day and never bothered to collect the coins as it was experimental and not worth my effort. I suspect all those coins never ever will be spent, or perhaps they will. IDK I was taught to buy things for investment purposes that have intrinsic value.

  • so they let you take out markers?
    well when you don't pay them back the MOB hunts you down.

  • Mount Gox called, it wants it's headline back.
    • Was going to say, while skimming... initially skipped this as a probable dupe or other recycling of recent events. The jadening is real.

  • Who needs pesky things like laws and accountability?

    • What would "laws and accountability" would have change in this specific case? The hacker would have not tries? The money would not have been stolen? The depositor would get refunded? The institution owner would go in prison for negligence? I think only the last one would happened and that still the case, regulated or not.

      • Re: (Score:2)

        by dasunt ( 249686 )

        What would "laws and accountability" would have change in this specific case? The hacker would have not tries? The money would not have been stolen? The depositor would get refunded? The institution owner would go in prison for negligence? I think only the last one would happened and that still the case, regulated or not.

        Depends on what regulations were written into law.

        For example, the FDIC was created by law in 1933 to insure bank accounts, which means customers of a bank are insured up to $250,000.

    • Re: (Score:2)

      by cusco ( 717999 )

      Accountability? From what I've seen of these exchanges even introducing the concept of "accounting" would be a novel development.

  • Hell is it theft or is it piracy? Eitherway stealing from any of these exchanges will likely result in zero prosecutions. Seems to me many of the exchanges have fails frequently and the only person that loses is the person who risked the cash Ripping off cryptocurrencies could however result in the odd missing person when the wrong people lose money.

    • Hell is it theft or is it piracy? Eitherway stealing from any of these exchanges will likely result in zero prosecutions. Seems to me many of the exchanges have fails frequently and the only person that loses is the person who risked the cash Ripping off cryptocurrencies could however result in the odd missing person when the wrong people lose money.

      The heist of other people's cryptocurrency is designed into the system from the start. Part of the feature set - getting spun up about it is like thinking that insider trading is not an integral part and foundation of the stock market.

      • Insider trading only goes so far. If you get caught doing insider trading in most of North American markets you will quickly find yourself unable to be a director of a company and paying some serious legal fees. Get caught committing fraud in the cryptocurrency markets not only do you keep a vig for yourself you get offered a job.

  • Hahahaha. Dickheads.

  • Cry me a river of salty tears.

    Tulip crisis [wikipedia.org] rolls straight into the South sea bubble [wikipedia.org] unabated.

  • I went out into my tulip fields this morning to find someone had come and pulled them all out of the ground. Now I have no tulips.

    • Re: (Score:2)

      by cusco ( 717999 )

      Probably squirrels, that's what get all of mine. Considering the "security" on most of these exchanges I wouldn't be surprise to find they've been ripped off by squirrels as well.

Slashdot Top Deals

The primary function of the design engineer is to make things difficult for the fabricator and impossible for the serviceman.

Close