Hackers steal 3 billion yen worth of virtual currency from the DeFi platform, the damage amount of the same case is over 52 billion yen

It turns out that hackers have stolen $ 29 million worth of Ethereum (ETH) coins and AMP tokens from Cream, a decentralized finance (DeFi) platform.

Hackers steal $ 29 million from crypto-platform Cream Finance --The Record by Recorded Future
https://therecord.media/hackers-steal-29-million-from-crypto-platform-cream-finance/

CREAM v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract.

We have stopped the exploit by pausing supply and borrow on AMP. No other markets were affected.

— Cream Finance ???? (@CreamdotFinance) August 30, 2021

Speaking of hacking damage on decentralized financial platforms, the most recent case was that a total of over 68 billion yen of virtual currency was stolen from 'Poly Network' on August 10, 2021. At this time, the hacker sequentially returned the stolen virtual currency saying 'I am not very interested in money'. Eventually the full amount was returned.

According to security company PeckShield, the case of 'Cream' this time was a reentrant attack using 'flash loan' which is a very short-term loan through the function of DeFi. It is a known method that was also used in the case where about 5.2 billion yen was stolen from the investment fund 'The DAO' that occurred in 2016.

1/4 @CreamFinance was exploited in (one hack tx: https://t.co/JPW7e368qd ), leading to the gain of ~ $ 18.8M for the hacker.

— PeckShield Inc. (@peckshield) August 30, 2021

The Hack Is 2/4 Made Possible Due To A Reentrancy Bug Introduced By $ AMP , Which Is An ERC777-Like Token And Exploited To Re-Borrow Assets During Its Transfer Before Updating The First Borrow. Pic.Twitter.Com/oVg0w1FWFt

— PeckShield Inc. (@peckshield) August 30, 2021

3/4 Specifically, in the example tx, the hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $ AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $ AMP token transfer (). Then The Hacker Self-Liquidates The Borrow. Pic.Twitter.Com/ryVX2RoxhJ

— PeckShield Inc. (@peckshield) August 30, 2021

According to CipherTrace, which analyzes the crypto economy, 76% of the hacking cases that occurred in 2021 are related to the DeFi platform, and the damage amounted to 474 million dollars (about 52 billion yen). That. Most of the attacks used the flash loan function as well as this time.

Cryptocurrency Crime and Anti-Money Laundering Report, August 2021 --CipherTrace
https://ciphertrace.com/cryptocurrency-crime-and-anti-money-laundering-report-august-2021/