An attack on the Cream Finance smart contract has been successfully completed. The attacker executed a flash loan to exploit a vulnerability in the way Cream Finance calculates asset values, to walk away with a cool $117 million in profit.
The developers behind Cream Finance scrambled to fix the bug, trying to prevent more attacks on their various markets.
What is Cream Finance?
Cream Finance is a Decentralized Finance (DeFi) lending protocol running on Ethereum, Binance Smart Chain and Fantom blockchains. It allows people to deposit one cryptocurrency as collateral for borrowing a different asset. For example, deposit USDC and borrow Ethereum.
Someone carefully analyzed how Cream Finance calculates its asset prices, then launched a flash loan attack to take advantage of discrepancies.
How much did they take?
The attacker (or attackers) gained a $117 profit. Mostly Cream LP tokens and other Ethereum based tokens.