Cream Finance launches $1.5M bug bounty to improve DeFi security

Published at: April 20, 2021

Decentralized lending protocol Cream Finance is backing another major effort to improve the security of decentralized finance.

On Tuesday, Cream Finance announced a new security campaign in collaboration with several DeFi platforms like Immunefi, Armor and DeFiSafety to bring stronger security to its protocol and the wider DeFi ecosystem.

As part of the campaign, Cream Finance is launching a $1.5 million bug bounty program with blockchain bounty platform Immunefi to strengthen Cream’s protocol, API and website security.

The new bug bounty will focus on Cream Finance’s smart contracts and the prevention of potential exploits against user funds, assets and data breach vulnerabilities. The bounty rewards will be distributed in accordance with a five-level scale described in Immunefi’s vulnerability severity classification system.

Alongside the bug bounty, Cream Finance will also work with DeFi smart cover aggregator Armor to provide users with the ability to insure their funds against a hack. 

“Security is the key to maturing the decentralized finance ecosystem and bringing emerging financial technology to more users across the globe. We are delivering increased project transparency through DeFiSafety, preventing hacks with Immunefi, and providing a clear path for users to buy insurance coverage with Armor.fi,” Cream Finance co-founder and project lead Leo Cheng stated.

Cheng said that it’s impossible to avoid vulnerabilities in new technologies like DeFi, but it’s important to minimize the risks:

“There are risks, eggs will be and have been broken. We’re determined more than ever to seek out innovations on both capital efficiency and safety measures. As with all new technologies, there will be more vulnerabilities along the way. The key is to minimize the impacts that these bumps on the road will bring while maximizing the benefits.”

The DeFi sector was a major target for cryptocurrency hacks last year, accounting for 50% of total losses from thefts and hacks in the crypto industry in the second half of 2020. Due to its decentralized nature and unregulated status, the DeFi ecosystem is more attractive to hackers than centralized crypto exchanges, with non-DeFi crypto crimes dropping nearly 60% in 2020.

Tags
Related Posts
​​Cream Finance DeFi platform loses $19M in a flash loan hack
Cream Finance, a major decentralized finance (DeFi) protocol focused on lending, has suffered a severe exploit, with a hacker stealing nearly $19 million from its platform. An unknown hacker has managed to gain $18.8 million in the latest flash loan exploit of the Cream Finance protocol through a reentrancy bug introduced by the Amp token, according to an investigation by blockchain security firm PeckShield. Announcing the news Monday, Cream Finance said that the protocol has stopped the exploit by pausing supply and borrow contracts on the Amp token. “No other markets were affected,” Cream Finance stated. C.R.E.A.M. v1 market on …
Decentralization / Aug. 30, 2021
The perfect storm: DeFi hacks will advance the crypto sector moving forward
The rise of decentralized finance, or DeFi, could be paving the way toward a fully decentralized financial ecosystem. Yet, given the innovative nature of DeFi, the sector remains in constant development and is therefore prone to a number of vulnerabilities. Unsurprisingly, one of the biggest challenges currently facing the DeFi sector is security threats. This has become apparent as more DeFi hacks continue to wreak havoc across the crypto community. Most recently, the largest DeFi hack within the crypto industry took place. The Poly Network hack resulted in over $600 million dollars removed, and then returned, from Binance Chain, Ethereum …
Decentralization / Aug. 17, 2021
Poly Network hacker appears ready to return stolen funds
Following a massive $600-million exploit of cross-chain protocol Poly Network, the Poly Network hacker has claimed his willingness to return the stolen cryptocurrency funds. At about 4:00 am UTC on Wednesday, the hacker sent an Ethereum transaction to themselves, stating that they were “ready to return the fund” in an embedded transaction message. In a subsequent message, the hacker asked for a multisig wallet address to return the funds to Poly Network. “Failed to contact the poly. I need a secured multisig wallet from you,” the hacker noted. Poly Network’s Twitter account posted an update on Wednesday, providing three separate …
Decentralization / Aug. 11, 2021
The radical need for updating blockchain security protocols
Decentralized finance (DeFi) is here to stay with over $100 billion in total value locked (TVL), highlighting the evidence of faith in these new financial tools. This investment will continue to increase, but it appears that with each new record in TVL, there is another network attack being reported with astronomical losses. Crypto crime dropped 57% in 2020, but DeFi hacks surged, costing companies and investors billions of U.S. dollars. In March alone, there were several attacks within just a five-day period, with Paid Network losing $180 million. Later in May, PancakeBunny lost more than $200 million in a flash …
Decentralization / June 25, 2021
The importance of decentralized oracles: Interview with Sergey Nazarov
Chainlink co-founder Sergey Nazarov believes that increasing the decentralization and scalability of oracle technologies are key to ensure trust in the DeFi ecosystem. Oracles play a key role in the correct functioning of DeFI protocols by connecting them to real-world data. However, the trustworthiness of oracles becomes compromised in instances where they rely on a single data source to retrieve information. For instance, according to Nazarov, excessively centralized oracles enabled five recent flash loan attacks, which resulted in DeFi protocols losing around $40 million. Flash loans, a form of loan that does not require any collateral, can be used to …
Decentralization / Dec. 19, 2020