Hacker Who Stole $9.6 Million From Crema Protocol Returns $8 Million

Posted on July 8, 2022 at 8:49 PM

Hacker Who Stole $9.6 Million From Crema Protocol Returns $8 Million

The Crema hacker that stole $9.6 million in cryptocurrencies has returned $8 million of the funds and kept $1.6 million based on the deal with the protocol. The hacker’s 45,455 Solana (SOL) is worth 16.7% of the entire funds stolen. The attack occurred on July 2 and forced the Crema protocol to shut down its service.

The security team at Crema started investigating the hacking incident in a bid to strike any possible deal and retrieve the funds from the hacker.

Hacker Retains 45,455 SOL As White Hat Bounty

The Crema team started investigating the hacker after monitoring their Discord deal and the main gas supply for the hacker’s address. Although the team was close to discovering her real identity, she stated that she was negotiating with the perpetrator.

After the negotiations, on July 6 the hacker released 23,967 SOL and 6,064 ETH, both of which are valued at around $8 million. “After a long negotiation, the hacker agreed to take 45455 SOL as the white hat bounty,” CremaFinance tweeted.

The stolen fund was sent by the hacker in a series of transactions on Solana and Ethereum networks. A small number of coins was used to verify the first transaction.

The Crema Attacker Took Out A Term Loan

The firm stated that the returned funds have been secured. It, however, noted that before the attack, the team had resubmitted a new code for audit, which guarantees that the same vulnerability will not be discovered again.

When the Crema community was waiting for news of the attack, the staff stated on Twitter that the attacker took out a term loan in the Solend DeFi lending protocol. This was included as liquidity on the Crema pool.

The Crema protocol developers had assured members that they will release in 48 hours a compensation plan to the users who were affected by the breach.

Hackers Show Increased Interests In DeFi Protocols

The attack on the Crema protocol is one of several attacks on decentralized finance (DeFi) platforms this year. They are drawing hackers because of the anonymous nature of the platforms, which allows users to take out loans.

The Crema protocol enables liquidity providers to set specific price ranges, carry out range order trading, and add single-sided liquidity. It sets the stage for a decentralized and sophisticated trading system, but it has not prevented hackers from exploring such systems. Although they are traditionally built with strong security to keep funds safe, threat actors could find vulnerabilities they can explore, which puts the funds at risk.

The vulnerability allowed the threat actor to create a bogus tick account on Crema. This is a dedicated account that stores price tick data in CLMM. Once the fake account is created, the threat actor exploited a command by circumventing security measures and writing the data on the fake account. After the hacker has successfully dodged the security system put in place, they used a flash loan to manipulate the asset prices on liquidity pools. As a result, this enabled the threat actor to claim a large amount from the pool.

Affected Users Will Be Contacted With Compensation Plan On July 8

The Crema developers admitted that it was a tough day for the platform to discover that a crypto heist has occurred on the protocol. The developers didn’t hesitate to share details of what went wrong and how the attackers were able to succeed. The platform assured users that all the information shared with them regarding the situation is accurate and transparent.

The firm added that the Crema protocol will be restored and launched after they have completed the investigation and audit. The team says it will release the compensation plan for all affected users on July 8.

The team has also submitted a new code base as it plans to beef up its security infrastructure to prevent a further attack on the protocol. “Crema’s protocol will go live again after the new audit is completed,” the company stated.

Crema would be happy to negotiate with the hacker to return most of the stolen crypto funds considering that several other protocols that were victims weren’t so lucky. In most cases, once the fund is stolen there is little hope of getting most f them back. Earlier this year when another DeFi protocol Harmoney was a victim of a $10 million crypto heist, the hacker refused to take the $1 million bounties offered by the platform.

Summary
Hacker Who Stole $9.6 Million From Crema Protocol Returns $8 Million
Article Name
Hacker Who Stole $9.6 Million From Crema Protocol Returns $8 Million
Description
The Crema hacker that stole $9.6 million in cryptocurrencies has returned $8 million of the funds and kept $1.6 million based on the deal with the protocol. The hacker’s 45,455 Solana (SOL) is worth 16.7% of the entire funds stolen. The attack occurred on July 2 and forced the Crema protocol to shut down its service.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 22, 2023
High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading