FEATURED
What do should know of the Crema Finance hack
On Sunday the 3rd of July, Crema Finance suffered from a flash loan exploit.
This concentrated liquidity protocol on Solana was hacked for nearly $9 million (~69,422.9 SOL and 6,497,738 USDC) as the exploit drained funds from multiple liquidity pools.
According to a recent update from Crema Finance, the attacker the stolen funds following a negotiation. (the hacker was allowed to keep 45,455 SOL as a bounty reward).
But nevertheless, we’ll walk you through how the exploit happened.
Now, prior to Crema Finance hack, the Solana ecosystem had already suffered five hack attacks in 2022 Q1 at the cost of $397 million. There’s the Wormhole hack that was the most significant. The solana ecosystem lost $334 million. Also, this year, hackers carted away over $52 million through the hack of Cashio.
Crema Finance is a relatively new protocol, and should not be confused with CREAM finance. Before we stray, let’s take a look at what Crema Finance really does.
What Is Crema Finance?
Crema Finance is a DeFi protocol on the Solana Network. The protocol allows users to provide liquidity and in return get high returns. Crema markets itself as having protection from impermanent loss and greater efficiency than other DeFi protocols.
It deployed the first concentrated liquidity market maker (CLMM) algorithm on Solana mainnet that allows users to add liquidity within their specified price ranges. This provides superior performance for both protocols, institutions, traders, and liquidity providers.
The protocol is less than 6 months old and had just executed a presale of its own token, $CRM. $CRM has 3 major utilities: staking, boosting, and governance. When you stake $CRM you receive a $veCRM. $veCRM allows for boosting liquidity mining APR, a cut from the transaction fees, and the ability to vote & make proposals.
Crema offers a concentrated liquidity market maker (CLMM) that uses an augmented algorithm to drive decentralized trading. CLMM ‘allows liquidity providers to set specific price ranges, add single-sided liquidity and do range order trading’. It redefines the capital efficiency and trading depth on Solana.
So, What Happened In Crema Finance Hack?
A lot of on-chain sleuth work has been done, and details indicate that the hacker activated six flash loans on Solend protocol to drain the stablecoins. Now, if you remember correctly, Solend has had its own troubles. Especially from that time when they voted to seize a whales wallet.
After getting the flash loans, the hacker created a fake tick account. (Note – Tick accounts store price tick data in the concentrated liquidity market maker (CLMM) algorithm).
After creating the fake tick account, the hacker circumvented the routine checks set up by Crema Finance by writing the initialized tick address of the pool into the fake account.
For the next step, the hacker deployed a contract and used it to lend a flash loan from Solend to add liquidity on Crema to open positions. By doing this, the attacker could change the pool’s transaction fee, as the CLMM relies on data from the tick account. The attacker could now swap in fake fee data and claim a huge fee amount out from the pool.
After claiming the fees, the hacker swapped the stolen fund into 69422.9SOL and 6,497,738 USDC via the Jupiter protocol. The USDC was then bridged to the Ethereum network via Wormhole and swapped to 6064ETH via Uniswap after that.
Crema Finance Suspends Contract
To minimize the impact, the Crema team had to suspend their smart contract and try to protect the remaining user’s funds.
Currently, the protocol is working with blockchain security institutes to track where the funds go. But once the contract is fixed, the Crema Finance dev team will turn the smart contract back on.
Negotiation
After the hack, the team tried to negotiate with the hacker by sending an on-chain message that offered a bounty reward. The next day, there was an on-chain reply from the hacker who said: “Crema team, since you are trying to reach me to negotiate, let’s chat.”
After a long negotiation, the hacker agreed to take 45455 SOL as the white hat bounty. We have confirmed the receipts in four transactions indicated below.
Conclusion
In summary, the exploiter found a vulnerability in its tick size and activated six flash loans worth around $8.78 millon. Then they got contacted by the Crema finance dev team. After negotiations, the Crema finance Hacker returned 6064 $ETH + 23967.9 $SOL and kept 45455 $SOL as a White Hat.
This is exactly what has been going on for months now. Crema Finance is another Solana protocol with issues. It is just a continuing trend of poor news for the Solana ecosystem. A network that is now famous for its downtime.
Already, the Crema Finance team has labeled the perpetrator as a “white hat,” a term given to ethical hackers. This means it is unlikely that Crema Finance will take any legal action against the still-unknown hacker.
What do you think of this article? Share your comments below.
