Cream Finance lost $18.8 million in a flash loan attack and said it intends to repay the affected users.
Cream Finance will repay the affected users with protocol fees
Decentralized finance (DeFi) protocol Cream Finance experienced a flash loan attack two days ago, resulting in a loss of nearly $19 million. However, the protocol has conducted a post mortem and said it is committed to repaying the users that were affected by the attack.
In a Medium post a few hours ago, the DeFi protocol said, “We will be replacing the stolen ETH and stolen AMP so that there’s no liquidity issues for users. We will commit to allocating 20% of all protocol fees toward repayment until this debt is fully paid. In the meantime, we will post a CREAM collateral with the Flexa/AMP team to secure this debt.”
Cream Finance urged all affected users to come forward and fill out a form to claim their funds. The developers said they are committed to building innovative DeFi products.
Post mortem shows Cream Finance’s integration of AMP caused the exploit
Blockchain analytics firm PeckShield conducted a post mortem of the attack on behalf of Cream Finance. According to the post mortem, Cream Finance’s integration of the AMP is the point of fault in the system.
Cream Finance said, “With the assistance of PeckShield, we have determined that the root cause of the exploit was an error in the way C.R.E.A.M. Finance integrated AMP into our protocol. While unfortunate and disappointing, we take ownership of the error.”
The DeFi protocol added that there was the main exploit and a smaller copy-cat. The second hacker has a withdrawal history from Binance, and they are working with the cryptocurrency exchange to identify the attacker.