Ultimate magazine theme for WordPress.

Cream Finance Exploit moves funds over 16 months after hack

Cream Finance’s exploiter is moving funds more than 16 months after it hacked the DeFi protocol and has stolen over $136 million in various crypto assets.

Cream Finance Exploiter transfers funds

According to CertiK, a blockchain analytics platform, the exploiter moved 365.69 ETH worth about $600,000 to a new address at spot rates. The amount is part of over $136 million in tokens stolen in late October 2021.

#CertiKSkynetAlert 🚨

Cream Finance Exploiter 0x70747df6ac244979a2ae9ca1e1a82899d02bbea4 sent ~$600,000 (365.69 ETH) to address 0x4648451b5f87ff8f0f7d622bd40574bb97e25980

Stay alert! pic.twitter.com/IpFdzctstp

— CertiK Alert (@CertiKAlert) January 30, 2023

Funds have been moved to another address. What the hacker intends to do with the $600,000 is still unclear. Cream Finance is a blockchain-agnostic DeFi protocol deployed on Ethereum, Fantom, Polygon and the BNB Smart Chain (BSC).

It was forked from Compound, a competing lending platform, and remains open source. Cream Finance offers a wide range of services including lending, yield farming and token exchange. Cream Finance’s governance token, CREAM, is changing hands at $12.83 on Jan. 30.

The price of CREAM with some gains on the daily chart. Source: CREAMUSDT trade view

In crypto, addresses with stolen funds are always marked and therefore corrupted. It makes it difficult for hackers to launder stolen funds on centralized exchanges or other platforms without being identified. The platforms’ decision to act together against money laundering by crypto and DeFi hackers is bearing fruit.

These platforms, mostly centralized exchanges like Binance, Coinbase or Huobi, allow users to buy fiat currencies including USD, JPY or Euro and are compliant with applicable Know-Your-Customer (KYC) and Anti-Money Laundering (AML) regulations ) Rules. This means agents attempting to launder money through these portals can be tracked down in the real world and prosecuted.

By selecting this transfer, CertiK is informing the crypto and DeFi community that the perpetrator of the hack is still active and trying to mix funds across different addresses. However, given the transparency of the underlying blockchains, including Ethereum, it is easy to track transactions despite the sender’s private identity. Any mistake on the hacker’s end could result in their IP address being exposed or their identity decrypted, putting them in the custody of law enforcement officials.

To counter this possibility and cover their tracks, hackers use crypto mixers like Tornado Cash. Although the United States Department of Treasury prohibits citizens from using blenders like Tornado Cash, users still prefer the tool. Many users are hackers who want to withdraw funds anonymously.

DeFi under fire

At the end of October 2021, Cream Finance was hacked for over $136 million. The hacker targeted the protocol’s v1 lending market and stole several ERC-20 tokens and CREAM governance tokens. Through a series of flash loans, the attacker manipulated the protocol’s rate of return, allowing more assets to be lent than were collateralised.

The attack was the protocol’s third in 2021 and challenged the security of DeFi dApps against determined attackers, some of whom may be sponsored by governments such as North Korea. In mid-January, the Lazarus Group, a hacking group linked to North Korea, attempted to launder $63.5 million.

We have discovered a Harmony One hacker fund movement. They previously attempted to launder through Binance and we froze his accounts. This time he used Huobi. We helped the Huobi team freeze their accounts. A total of 124 BTC was recovered. CeFi helps keep DeFi #SAFU! 🙏

— CZ 🔶 Binance (@cz_binance) January 16, 2023

However, Binance and Huobi have singled out their remittances and frozen assets. The funds were part of the amount stolen in the Harmony Bridge hack.

Learn Crypto Trading, Yield Farms, Income strategies and more at CrytoAnswers

Comments are closed.

%d bloggers like this: