A lending-focused decentralized finance platform has once again fallen victim to a devastating flash loan attack, resulting in the loss of millions of dollars’ worth of AMP tokens and cryptocurrency. This marks the second major attack on the platform, following a previous incident where cyber-thieves drained DeFi protocols Cream Finance and Alpha Finance of $37.5m.
In a flash loan attack, cyber-thieves exploit a loophole in the system by taking out a loan that requires no collateral – known as a flash loan – and using it to manipulate and exploit the markets for financial gain. The criminal borrows capital, uses it to carry out their malicious activities, and then pays back the loan in the same transaction.
The recent attack on Cream Finance was first reported by blockchain security firm PeckShield on social media. Researchers discovered that at least $6m had been drained from the platform at 5:44 UTC. Cream Finance later confirmed the theft in a tweet, stating that they had lost 418,311,571 in AMP tokens and 1,308.09 in ETH due to a reentrancy exploit on the AMP token contract. The platform took immediate action to halt the exploit by pausing supply and borrow on AMP, ensuring that no other markets were affected.
According to Coinspeaker, the flash loan attack on Cream Finance involved two cyber-thieves and a total of seventeen transactions, occurring in the early morning of August 30. This incident is just the latest in a series of flash loan attacks targeting DeFi platforms. In May, Pancakebunny, a DeFi yield farming aggregator, lost close to $3m in a similar attack. Shortly after, Binance Smart Chain DeFi project Bogged Finance fell victim to a $3m exploit.
These attacks highlight the ongoing challenges faced by DeFi platforms in ensuring the security of their protocols and protecting user funds. As the popularity of decentralized finance continues to grow, it is crucial for platforms to implement robust security measures and regularly audit their smart contracts to prevent future attacks. The DeFi community must remain vigilant and proactive in addressing these security threats to safeguard the integrity of the ecosystem.