Cream Finance Hacker Returns $17.6M in Stolen Funds

The hacker sent 5,152.6 ETH from its address to Cream Finance's multi-sig wallet.

Shutterstock cover by Oleksandra Naumenko

Share this article

Cream Finance’s hacker has returned most of the funds they stole last month.

DeFi Hacker Returns Loot

Cream Finance has received a payback after its recent hack incident.

The unknown attacker has returned about 90% of the stolen funds to the project, security firm PeckShield first noted.

On Wednesday, the multi-signature wallet Cream Finance controls received 5,152.6 ETH worth $17.6 million from the hacker’s address. It remains unclear as to why the hacker decided to return the funds.

Cream Finance is a lending protocol that takes inspiration from the popular Ethereum blue chip Compound. It lets users lend and borrow against a wider range of assets than Compound—only today, it added support for a range of popular NFT tokens, including Axie Infinity, Yield Guild, and Rarible.

On Aug. 30, a hacker attacked the AMP Token market listed on the DeFi protocol. The attacker leveraged a reentrancy bug that allowed multiple high-value flash loans, enabling the hacker to move funds out of the contract.

In a post-mortem report, the Cream Finance team said the incident led to a loss of 2,804.96 ETH and 462,079,976 AMP tokens, valued at $34 million at the time. Soon after the attack, the hacker traded the stolen AMP tokens, leaving the wallet with 5,758 ETH.

The remaining 606 ETH the hacker didn’t return has been sent to another address, believed to be controlled by the hacker. Just a few hours ago, the address interacted with TornadoCash, a popular mixer on Ethereum for preserving transaction privacy. At today’s prices, 606 ETH is worth about $2 million.

The Cream Finance incident shares some similarities to the recent Poly Network hack that unfolded last month. The incident became the largest crypto heist ever after a hacker stole $611 million, before returning the funds. The attacker said that they carried out the hack “for fun” and to expose a critical vulnerability. The major difference between the two instances is that Cream Finance’s hacker has kept a portion of the loot.

The team has not yet made an official statement to update the community.

Share this article

Loading...