The decentralized finance application has been exploited three times since going live in 2020.Read MoreCoinDesk
An attacker behind one of Cream Finance’s several exploits converted roughly $1.75 million in stolen funds on Monday, blockchain data shows. The address has now moved some 607 bitcoin in stolen funds so far since the exploits.
Tracking tool MistTrack showed the attack swapped over 1,000 ether to 80 renBTC, a representation of bitcoin on Ethereum, in the early hours of Monday. The attacker then converted the 80 renBTC to actual bitcoin.
The move came weeks after the same address converted stolen funds to more than 300 renBTC over several days in July. The attackers used the Ren Gateway, a bridge, to make these moves. Bridges are blockchain-based tools that allow users to send and receive tokens between different blockchains.
Requests to the Cream Finance team for comment regarding the movement of stolen funds were unanswered as of the time of writing.
The lending service was previously hit by multiple exploits – the latest being a $130 million attack in late 2021 – which damaged its reputation among crypto circles and contributed to a 94% decline of its native CREAM tokens. That attack was one of the first “flash loan” exploits in the crypto space, involving 68 different assets and costing over nine ether in gas.
Flash loans are a popular way for attackers to gain funds to conduct exploits on decentralized finance (DeFi) systems. Such loans allow traders to borrow unsecured funds from lenders using smart contracts instead of third parties.
In April, the Beanstalk stablecoin protocol was drained of $182 million in a flash loan attack, while June saw more than $1.2 million taken from Inverse Finance and July saw Nirvana drained of $3.5 million in a similar attack.
Cream had previously floated proposals to make those affected by the exploits whole. However, communication from the project’s developers has largely tapered off this year, with its social channels seldom posting updates.
DISCLOSURE
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.