On July 2, Crema Finance was attacked, with the Solana-based liquidity protocol losing nearly $10 million. Still, the hacker appears to be somewhat sympathetic, because he has refunded most of the money. In a deal, the hacker was allowed to keep $1.6 million as a white hat reward.
Hacker refunds money
A premium of 45,455 Solana (SOL) was offered, representing a value of approximately $1.6 million. The protocol had to (temporarily) suspend their service after the cyber attack.
Immediately after the attack, the team began an investigation into the hacker and the vulnerability within the protocol. Eventually, the hacker’s crypto address could be traced. Not much later they managed to contact the attacker.
After extensive negotiations, the hacker returned a total of 6,064 Ethereum (ETH) and 23,967 SOL. This was confirmed by the CremaFinance team through their Twitteraccount. The money has reportedly been returned in several transactions. In a first test, a negligible number of crypto coins were used, most likely to test whether the transaction would go through. In subsequent transactions, the remaining funds were returned.
Exploit via flash loan
Because this money is back, Crema users are also more reassured. However, this does not mean that this is now all over. Although the vulnerability has now been identified, it has yet to be fully resolved. The team is therefore working hard on a solution for this.
The attacker managed to steal the money by taking out a flash loan on the DeFi ‘Solend Decentralized Finance’ lending protocol. This was then added to Crema’s pool as liquidity. The hacker then managed to fabricate pricing data to make it look like they got a much bigger reward than they should have. This allowed them to take “an enormous amount” worth about $9.6 million from the pool, to which they added the flash loan.
An audit has now been launched to resolve the issue. Once this has been completed, the Crema protocol will be fully operational again. Affected users will be compensated.