Cream Finance Suffers Third Flash Loan Exploit in 2021, Loses $130 Million

In Brief
  • The Cream Finance team has identified the flaws and patched them, and will release a postmortem soon.

  • This is the third and largest flash loan exploit Cream Finance has experienced in 2021.

  • The DeFi market continues to be a major target for attackers, with the sector losing record sums via thefts in 2021.


Cream Finance has suffered yet another flash loan exploit, its third of the year, this time losing $130 million. The attacker used the C.R.E.A.M v1 lending markets on Ethereum to manipulate the price of yUSD and make off with the funds.

Cream Finance revealed on Oct 27 that it was subject to another hack. The team announced that they were investigating an exploit on C.R.E.A.M v1 on Ethereum, following up later with additional details on the incident. However, the team has yet to release a postmortem on the matter.

The lending markets on C.R.E.A.M v1 were exploited, with $130 million in liquidity stolen by the attacker using this address. The team has already identified the flaw and patched it, working with Yearn.Finance to do so. It has also paused the lending markets and is preparing a postmortem on the incident.

The crypto community has not gone easy on Cream Finance, and its commentary has provided some insight into how the hacker executed the attack. Some developers pointed out that the attacker had left messages saying that Aave and Iron Bank were “lucky.” The attacker even blatantly named the smart contract used “Cream Finance Flash Loan Exploiter.”

Until the postmortem arrives, there will be little information on the matter. BlockSec, a blockchain security team, conducted an initial analysis of the attack, which shows how the hacker used the lending markets to manipulate the price of yUSD.

The attacker does not seem to have been identified, and users will be concerned about the exploit. This is not the first time Cream Finance has been exploited, and the incident is a reminder that some of the market’s most well-known DeFi protocols are still vulnerable.

Not the first Cream Finance hack, not the last DeFi hack

Cream Finance has suffered multiple attacks in the past, the most recent being a $25 million flash loan attack in late August 2021. That was the second of the now-three attacks that have occurred in 2021; the first, in February, saw $37.5 million stolen.

Such incidents further put the spotlight on the security of DeFi protocols, which have long been the target of attackers. The popularity of DeFi platforms and the complexity of their design make the sector a lucrative target for tech-savvy attackers.

Cryptocurrency intelligence firm CipherTrade released a report in August 2021 that showed the DeFi market saw a record loss from attacks in 2021, totaling approximately $474 million between January and July 2021. Such attacks do not always spell doom and gloom for affected DeFi protocols, as several have recovered following such incidents.



Rahul's cryptocurrency journey first began in 2014. With a postgraduate degree in finance, he was among the few that first recognized the sheer untapped potential of decentralized technologies. Since then, he has guided a number of startups to navigate the complex digital marketing and media outreach landscapes. His work has even influenced distinguished cryptocurrency exchanges and DeFi platforms worth millions of dollars.
