Cream to Return Stolen Funds Using Protocol Fees
The protocol said in excess of $33.5 million in ether and AMP was taken in the hack.
Updated May 11, 2023 at 7:05 p.m. UTC
Decentralized finance protocol Cream Finance said it will use protocol fees to repay users that lost money during Monday’s attack.
- In a postmortem posted on Medium, the Cream Finance team said it is committing one-fifth of protocol fees until affected users have recovered all of their funds.
- The protocol will post collateral with the AMP and Flexa teams until the debt is repaid. Affected users are invited to submit a request through a Google form.
- Cream also revised its Monday estimate of the hack upwards. It said the hackers drained 462,079,976 AMP tokens and 2,804.96 ether, totaling upwards of $33.5 million.
- This is the first time Cream was directly exploited, the post said, probably referring to another attack it suffered earlier this year.
- The team has identified a main exploit and a copycat. The latter has withdrawal history on Binance, so Cream is working with the crypto exchange to identify the copycat. The two stole the funds over 17 transactions.
- Cream is offering its usual bug bounty: If the hacker or hackers comes forward, they can keep 10% of the stolen funds.
- The post confirmed earlier reports that the integration of ERC-777 AMP token contracts in the Cream protocol were the root cause.
- While the AMP market integration took place in February, it was only five days before the attack that a big influx of AMP tokens on Cream made the account profitable, according to the blog post.
- Cream said it will re-deploy AMP borrowing and lending once the vulnerability has been patched.
See also: The Poly Hack and Crypto’s Trust Issues