According to a PeckShield investigation, an unknown hacker gained $18.8 million from the latest Cream Finance protocol flash loan exploit using a reentrancy bug introduced by the Amp token.
The total amount is $25,678,948, but according to CoinGecko, the price of AMP has already dropped by more than 15% as of press time. Cream Finance’s native CREAM token has also dropped nearly 6%.
Cream Finance announced the news Monday, saying the protocol halted supply and borrow contracts on the Amp token. No other markets were impacted, said Cream Finance.
According to PeckShield, the hacker was able to make a 500 Ethereum flash loan to exploit a “reentrancy bug” in the Flex Network smart contract. The term flash loan refers to an uncollateralized loan that is repaid quickly.
Cream Finance is a decentralized finance platform that allows users to earn interest on their idle cryptos. Unlike Aave or Compound, Cream has markets for a wide range of obscure cryptos. Cream is based on Compound.
Cream was involved in another hack in February. The attack was caused by an Alpha Finance exploit, resulting in a $37.5 million loss.