It is reported that hackers stole more than $29 million in bitcoin assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to lend and speculate on cryptocurrency price fluctuations.
The company confirmed the hack earlier today, about half an hour after blockchain security startup PeckShield detected evidence of an ongoing attack.
Cream Finance stated that the hacker utilized a “reentrancy attack” in its “flash loan” function to pilfer 418,311,571 AMP tokens (worth about $25.1 million at the time of the breach) and 1,308.09 ETH coins (worth approximately $4.15 million).
The phrase “flash loan” refers to an agreement (software) that operates on the Ethereum blockchain and allows Cream Finance customers to take out small loans from the company’s money and then repay them later.
Reentrancy attacks occur when a flaw in these agreements permits an attacker to extract funds continuously in a loop before the initial transaction is authorized or refused, or before the funds must be returned.
PeckShield and Tal Be’ery, the creator of cryptocurrency wallet startup ZenGo, verified that the Cream Finance attacker took advantage of a flaw in the ERC777 token contract interface, which Cream Finance uses to connect with the supporting Ethereum network.
Be’ery said in an interview that ERC777 has allowed multiple reentrancy attacks against DeFi digital services, which continue to depend on the functionality despite a string of poor implementations, flaws, and hacks.
According to the ZenGo cofounder, DeFi services must build or install a firewall-like technology for their systems in order to screen fraudulent responses to their underlying agreements, which are also the foundation of their operations and the focus of the majority of these attacks.
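The reentrancy pattern described above, as an added Python model that is not Cream Finance's contract code and not part of the original report: a toy pool that pays out before recording debt, beside one that records debt first and holds a reentrancy lock. All class names, the credit limit and the amounts are constructed for illustration; `tokens_received` stands in for the ERC777 `tokensReceived` recipient hook.

```python
class Token:  # constructed model, hypothetical names; hook mimics ERC777 tokensReceived
    def __init__(self):
        self.balances = {}
    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        recipient.tokens_received(sender)  # recipient-supplied code runs here

class VulnerablePool:
    def __init__(self, token, liquidity, limit):
        self.token, self.limit, self.debt = token, limit, {}
        token.balances[self] = liquidity
    def borrow(self, who, amount):
        if self.debt.get(who, 0) + amount > self.limit:
            raise PermissionError("over credit limit")
        self.token.transfer(self, who, amount)  # external call first ...
        self.debt[who] = self.debt.get(who, 0) + amount  # ... debt recorded too late

class HardenedPool(VulnerablePool):
    locked = False
    def borrow(self, who, amount):
        if self.locked:  # reentrancy guard: refuse nested calls
            raise RuntimeError("reentrant call rejected")
        self.locked = True
        try:
            if self.debt.get(who, 0) + amount > self.limit:
                raise PermissionError("over credit limit")
            self.debt[who] = self.debt.get(who, 0) + amount  # record debt first
            self.token.transfer(self, who, amount)  # external call last
        finally:
            self.locked = False

class ReenteringRecipient:
    def __init__(self, pool, rounds):
        self.pool, self.rounds = pool, rounds
    def tokens_received(self, sender):
        if sender is self.pool and self.rounds > 0:
            self.rounds -= 1
            try:
                self.pool.borrow(self, self.pool.limit)  # nested call mid-transfer
            except (RuntimeError, PermissionError):
                pass  # the hardened pool refused the nested call

def simulate(pool_cls, limit=100, liquidity=1000, rounds=5):
    pool = pool_cls(Token(), liquidity, limit)
    user = ReenteringRecipient(pool, rounds)
    pool.borrow(user, limit)
    return pool.token.balances[user], pool.debt[user]  # (received, recorded debt)
```

With a credit limit of 100, `simulate(VulnerablePool)` returns `(600, 600)` because every nested call passes the limit check against debt that has not been written yet, while `simulate(HardenedPool)` returns `(100, 100)`.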
As per CipherTrace, DeFi-related attacks accounted for 76 percent of all significant hacks in 2021, and consumers have lost over $474 million to assaults on DeFi systems this year. The majority of the assaults against DeFi protocols used flash loans, according to a study issued earlier in the month by the firm.
Similarly, DeFi hacks accounted for 21 percent of the overall 2020 cryptocurrency thefts and stolen assets, up from 0% the previous year, according to a company study last year.
This trend of hackers targeting DeFi platforms can be explained by the fact that the cryptocurrency ecosystem is heavily unrestricted, security is almost an uncommon occurrence, and many frameworks fail at integrating their underlying network foundation, with many running glitchy contracts (scripts) that could be easily exploited by anyone with an understanding of cryptography and C and C++ coding.