• C.R.E.A.M. Finance has been hacked and promises to reimburse users with protocol fees as well as a 10% bounty bug

  • Cream Finance, the popular DeFi protocol that was the latest victim of a hack earlier this week, will allocate 20% of all fees it charges to repay the affected customers.

    In addition, the project has offered a bug bounty to the as-yet-unidentified perpetrators, as well as up to 50% for third parties who can help recover the funds.

    What Has Been Happening to Cream?

    Cream Finance, a permissionless, open-source, blockchain agnostic platform, was exploited for the second time in six months, as we reported earlier this week. According to estimates at the time, the unknown attackers had stolen around $25 million in ETH and AMP.

    However, on September 1st, the project provided an update with a different figure.

    “CREAM Finance was exploited for 462,079,976 AMP tokens and 2,804.96 ETH tokens at approximately 12 p.m. on August 31st (UTC +8).”

    According to today’s prices, the hackers stole around $35 million. They accomplished this through two separate transactions: the primary exploiter and a smaller copycat. The second wallet, according to Cream, has a Binance withdrawal history, and the two parties are working together to identify the attackers.

    PeckShield and the DeFi project collaborated to determine that the root cause was an error in the AMP integration process. It wasn’t a problem with AMP’s code, as some previous evaluations claimed.

    Cream has temporarily suspended AMP supply and borrowing services, promising to resume them once a “patch can be safely deployed.”

    Bug Bounty and Reimbursements

    The group promised to reimburse all users whose funds were stolen as a result of the hack. Cream has pledged to “allocate 20% of all protocol fees toward repayment until this debt is fully paid” in order to do so.

    To secure the debt, the team also stated that it will post Cream collateral with the Flexa/A.M.P. team.

    Separately, the DeFi project offered the hackers a ten percent bug bounty plus a ten percent bonus on the stolen funds if they returned them.

    Cream promised to share 50 percent of the recovered funds if a third party is able to identify and provide valuable information “leading to the arrest and prosecution” of the perpetrators. Finally, the team stated that it has contacted “responsible authorities” to “pursue all avenues available to us.”

    What's your reaction?