Posted on July 8, 2022 at 8:49 PM
The Crema hacker that stole $9.6 million in cryptocurrencies has returned $8 million of the funds and kept $1.6 million based on the deal with the protocol. The hacker’s 45,455 Solana (SOL) is worth 16.7% of the entire funds stolen. The attack occurred on July 2 and forced the Crema protocol to shut down its service.
The security team at Crema started investigating the hacking incident in a bid to strike any possible deal and retrieve the funds from the hacker.
Hacker Retains 45,455 SOL As White Hat Bounty
The Crema team started investigating the hacker after monitoring their Discord deal and the main gas supply for the hacker’s address. Although the team was close to discovering the hacker’s real identity, it stated that it was negotiating with the perpetrator.
After the negotiations, on July 6 the hacker released 23,967 SOL and 6,064 ETH, both of which are valued at around $8 million. “After a long negotiation, the hacker agreed to take 45455 SOL as the white hat bounty,” CremaFinance tweeted.
The hacker sent the stolen funds in a series of transactions on the Solana and Ethereum networks. A small number of coins was used to verify the first transaction.
The Crema Attacker Took Out A Term Loan
The firm stated that the returned funds have been secured. It noted, however, that before the attack the team had resubmitted new code for audit, which guarantees that the same vulnerability will not be discovered again.
While the Crema community was waiting for news of the attack, the staff stated on Twitter that the attacker took out a term loan in the Solend DeFi lending protocol. This was included as liquidity on the Crema pool.
The Crema protocol developers had assured members that they would release in 48 hours a compensation plan for the users who were affected by the breach.
Hackers Show Increased Interest In DeFi Protocols
The attack on the Crema protocol is one of several attacks on decentralized finance (DeFi) platforms this year. These platforms are drawing hackers because of their anonymous nature, which allows users to take out loans.
The Crema protocol enables liquidity providers to set specific price ranges, carry out range order trading, and add single-sided liquidity. It sets the stage for a decentralized and sophisticated trading system, but it has not prevented hackers from exploring such systems. Although they are traditionally built with strong security to keep funds safe, threat actors could find vulnerabilities they can exploit, which puts the funds at risk.
The vulnerability allowed the threat actor to create a bogus tick account on Crema. A tick account is a dedicated account that stores price tick data in a concentrated liquidity market maker (CLMM). Once the fake account was created, the threat actor exploited a command by circumventing security measures and writing the data on the fake account. After the hacker had successfully dodged the security system put in place, they used a flash loan to manipulate the asset prices on liquidity pools. As a result, the threat actor was able to claim a large amount from the pool.
Affected Users Will Be Contacted With Compensation Plan On July 8
The Crema developers admitted that it was a tough day for the platform to discover that a crypto heist had occurred on the protocol. The developers didn’t hesitate to share details of what went wrong and how the attackers were able to succeed. The platform assured users that all the information shared with them regarding the situation is accurate and transparent.
The firm added that the Crema protocol will be restored and launched after they have completed the investigation and audit. The team says it will release the compensation plan for all affected users on July 8.
The team has also submitted a new code base as it plans to beef up its security infrastructure to prevent a further attack on the protocol. “Crema’s protocol will go live again after the new audit is completed,” the company stated.
Crema would be happy to negotiate with the hacker to return most of the stolen crypto funds considering that several other protocols that were victims weren’t so lucky. In most cases, once funds are stolen there is little hope of getting most of them back. Earlier this year when another DeFi protocol, Harmony, was a victim of a $10 million crypto heist, the hacker refused to take the $1 million bounty offered by the platform.