The DeFi protocol Cream Finance suffered yet another 2021 hack in an exploit that stole at least $130 million and could be one of the largest thefts in decentralized finance.
The attack on the Ethereum-based lending protocol was first reported by The Block Crypto, which cited a tweet by PeckShield highlighting a large flash-loan transaction that carried out the theft.
The burgeoning DeFi landscape has drawn in billions of dollars in investor funds, but it has been a frequent target by hackers, with many using flash loans, a type of uncollateralized lending, as a way to exploit poorly protected protocols.
Cream was involved in similar attacks that stole nearly $38 million in February and almost $19 million in August, according to The Block. Meanwhile, a hacker stole $600 million worth of crypto tokens from the PolyNetwork protocol in August in what is considered to be the largest DeFi hack ever.
“This unfortunately highlights one of the Big Three risks in DeFi right now,” said Stephane Ouellette, chief executive and co-founder of FRNT Financial, a crypto-focused capital-markets platform. “First, tokens representing very new projects are trading at very large, arguably inflated valuations. Two, the overwhelming majority of the platforms are within a year old, which implies unproven technology.” Third, the Gensler-led SEC appears to want to regulate these protocols like centralized cryptocurrency lenders like BlockFi and Celsius, which are currently having their regulatory structures challenged in several U.S. States, said Ouellette.
Cream’s token plummeted 26% on Wednesday to its lowest since late May, according to CoinMarketCap data.
Cream Finance tweeted that it is currently investigating the exploit and will share updates as soon as they are available. Representatives did not immediately respond to a request for comment.