After a successful flash loan attack, the DeFi lending platform Cream Finance was hacked in August 2021, and the perpetrator fled with almost 19 million USD in AMP and ETH tokens. The money has now been refunded in part.
The DeFi security organization Lossless, which claims to have vast links inside the hacking world, was the driving force behind solving the case. Pascal Caversaccio, a white-hat hacker, eventually identified the perpetrator. Cream Finance contacted the attacker and requested that the stolen monies be returned, to which the attacker agreed.
Lossless also announced in a tweet on Monday that they are working on a hack-mitigation tool that would allow DeFi developers to block transactions for up to 24 hours until further investigations can be conducted.
Following the August 30th incident, Cream Finance said that they would repay all fee income losses. Although the DeFi platform has collected the majority of the stolen monies, a significant portion of the reimbursement will still be required.
To begin with, due to transaction costs, the breach has caused more harm than the attacker was able to steal. Cream Finance experienced a total loss of USD 27 million. Second, Lossless will be rewarded with 50% of the returned monies.
Finally, the attacker gets away with crypto-assets worth about USD 2 million. Immediately after the theft, Cream Finance awarded the hacker a bug bounty of 10% of the stolen monies. Even if the hacker has been discovered, the DeFi platform will keep this commitment, which is a modest price to pay for avoiding the inconvenience of criminal and civil action.
