A lending-focused decentralized finance platform has recently been the victim of a second flash loan attack, resulting in the loss of millions of dollars’ worth of AMP tokens and cryptocurrency. This type of attack involves a cyber-thief taking out a loan with no collateral, known as a flash loan, to manipulate the markets for financial gain before repaying the borrowed capital in the same transaction.
Cream Finance, a DeFi protocol that was previously targeted in a $37.5 million attack back in February, has now suffered a loss of millions of AMP tokens and over a thousand ether worth more than $25 million in a similar exploit. The incident was reported by blockchain security firm PeckShield on social media, who noticed suspicious Ethereum records showing a $6 million drain at 5:44 UTC.
Cream Finance confirmed the theft in a tweet, stating that their Ethereum v1 market had experienced an exploit resulting in the loss of 418,311,571 AMP tokens and 1,308.09 ETH due to reentrancy on the AMP token contract. The platform took immediate action by pausing supply and borrow on AMP to stop the exploit, assuring users that no other markets were affected.
According to reports, the flash loan attack took place on August 30 and involved two cyber-thieves conducting a total of seventeen transactions. This is not the first time a DeFi platform has fallen victim to such attacks, as evidenced by previous incidents involving Pancakebunny losing $3 million in May and Bogged Finance losing the same amount in a separate attack on Binance Smart Chain.
As the DeFi space continues to attract attention and investment, security vulnerabilities like flash loan attacks pose a significant risk to users and platforms alike. It is crucial for DeFi projects to prioritize security measures and audits to prevent such exploits and protect user funds from malicious actors.