Crema hacker returns $8M, keeps $1.6M in deal with protocol

Published at: July 7, 2022

The hacker who exploited Solana-based liquidity protocol Crema Finance on July 2 returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.

The bounty, 45,455 Solana (SOL), is worth a generous 16.7% of the $9.6 million Crema lost initially, which forced the protocol to suspend services.

Crema’s team began an investigation to identify the hacker by tracking their Discord handle and tracing the original gas source for the hacker’s address. Just as it seemed the team may have been onto the secret identity, it announced that it had been negotiating with the hacker. On Wednesday, the hacker returned 6,064 Ether (ETH) and 23,967 SOL worth roughly $8 million.

After a long negotiation, the hacker agreed to take 45455 SOL as the white hat bounty. Now we have confirmed the receipt of 6064 ETH + 23967.9 SOL in four transactions indicated below. A follow-up compensation plan will be released in 48h.

— CremaFinance (@Crema_Finance) July 6, 2022

The hacker returned the funds in a series of transactions on the Ethereum and Solana networks. The first transaction on each network was a test with a negligible amount of coins, while the following transaction carried the majority of the funds sent.

Users of Crema and the team have reason to rest easier now that the funds have been secured, but there is still work to do. The team announced on Tuesday, before the deal had been reached, that it had submitted new code for auditing to ensure that the same exploit did not happen again.

Although the community awaits an official post-mortem on the attack, the Crema team outlined what happened in a Sunday thread on Twitter. The attacker took out a flash loan from the Solend decentralized finance (DeFi) lending protocol and added it as liquidity to a Crema pool.

The hacker then fabricated pricing data to make it seem as though they were owed a much bigger reward than they should have been. This allowed them to take “a huge fee amount,” worth about $9.6 million, from the pool to which they added the flash loan.


The Crema protocol will be back up and running after the audit is complete, according to the team’s tweet. The team will also issue a compensation plan for affected users by July 8.

Crema is lucky to have recovered as much of the funds as it did, considering the calamity that befell the Horizon Bridge on Harmony last month. A hacker stole $100 million in crypto from Harmony’s token bridge and rejected the $1 million white hat bounty to return the funds.
