An attacker behind one of Cream Finance’s several exploits converted roughly $1.75 million in stolen funds on Monday, blockchain data shows. The address has now moved 607 bitcoins in stolen funds so far since the exploits.
Tracking tool MistTrack showed the attack swapped more than 1,000 ethers to 80 renBTC, a representation of bitcoin on Ethereum, in the early hours of Monday. The attacker then converted the 80 renBTC to actual bitcoin.
The move came weeks after the same address converted stolen funds to more than 300 renBTC over several days in July. The attackers used the Ren Gateway, a bridge, to make these moves. A bridge in blockchain technology is software that allows users to transfer tokens between different blockchains.
Cream Finance didn't immediately respond to a request for comment.
The lending service was previously hit by multiple exploits – the latest being a $130 million attack in late 2021 – which damaged its reputation in crypto circles and contributed to a 94% decline in the price of its native CREAM token. That attack was one of the first “flash loan” exploits in the crypto sector. It involved 68 different assets and cost over nine ethers in gas, or transactions fees.
Flash loans are a popular way for attackers to gain funds to conduct exploits on decentralized finance (DeFi) systems. Such loans allow traders to borrow unsecured funds from lenders using smart contracts instead of third parties.
Cream had previously floated proposals to make those affected by the exploits whole. However, communication from the project’s developers has largely tapered off this year, with very few updates on its social-media channels.
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.