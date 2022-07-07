Days after it suffered a major exploit that resulted in over $9 million being stolen, concentrated liquidity pool Crema Finance today announced that after intense negotiations, the hacker agreed to return most of the funds for a $1.6m bounty
Days after it suffered a major exploit that resulted in over $9 million being stolen, concentrated liquidity pool Crema Finance Thursday announced that after intense negotiations, the hacker agreed to return most of the funds for a $1.6m bounty.
The hacker, on June 3, had stolen 69,422.9 SOL and 6,497,738 USDC stablecoin, worth about $9m at the time of the hack.
Modus operandi
According to the company, the hacker lent a flash loan on the Solend decentralized finance protocol to add liquidity on Crema to positions.
The hacker then replaced authentic transaction fee data with forged data to claim a huge fee amount, worth about 9m from the pool, to which the loan was lent. To minimize the impact, Crema suspended its smart contract after the exploit.
Hacker about to be unmasked
Crema, along with agencies, then initiated an investigation to ascertain the hacker’s identity. The original gas source of the hacker was traced, their discord handle was identified and the movements of funds were being closely monitored.
Simultaneously, Crema sent an on-chain message to the hacker and offered them to become a “white hat" (ethical hacker) and accept a bounty or face legal action.
“After a long negotiation, the hacker agreed to take 45,455 SOL as the white hat bounty. Now we have confirmed the receipt of 6064 ETH + 23967.9 SOL in four transactions," Crema stated.
The company is unlikely to take legal action against the hacker since the stolen money has been returned.
Cross-chain bridges under attack
Recently, Layer 1 blockchain protocol Harmony Protocol suffered a theft on the Horizon bridge amounting to around $100m in which tokens including Wrapped Ethereum (WETH), AAVE, SUSHI, DAI, Tether (USDT), and USD Coin were stolen.
The hacker rejected a $1m bounty offered as part of negotiations.
Cross-chain bridges have recently been attacked a number of times by hackers. In January this year, Qubit Finance’s bridge was hacked for $80m and a month later, bad actors stole $320m from the Wormhole bridge. In March, $622m worth of Ethereum and USDC were stolen from Axie Infinity’s Ronin bridge.
Cross-chain bridges have recently been attacked a number of times by hackers. In January this year, Qubit Finance’s bridge was hacked for $80m and a month later, bad actors stole $320m from the Wormhole bridge. In March, $622m worth of Ethereum and USDC were stolen from Axie Infinity’s Ronin bridge.