Crema hacker returns $8M, keeps $1.6M in deal with protocol

The hacker who exploited Solana-based liquidity protocol Crema Finance on July 2 returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.

The bounty, 45,455 Solana (SOL), is worth a generous 16.7% of the $9.6 million Crema lost initially, which forced the protocol to suspend services.

Crema’s team began an investigation to identify the hacker by tracking their Discord handle and tracing the original gas source for the hacker’s address. Just as it seemed the team may have been onto the secret identity, it announced that it had been negotiating with the hacker. On July 6, the hacker returned 6,064 Ether (ETH) and 23,967 SOL worth roughly $8 million.

The hacker returned the funds in a series of transactions on Ethereum and Solana networks. The first transaction on each network was a test with a negligible amount of coins, while the following was worth the majority of the funds sent.

Users of Crema and the team have reason to rest easier now that the funds have been secured, but there is still work to do. The team announced on July 5, before the deal had been reached, that it submitted new code for auditing to ensure that the same exploit did not happen again.

Although the community awaits an official post-mortem on the attack, the Crema team outlined what happened in a July 3 thread on Twitter. The attacker took out a flash loan from the Solend decentralized finance (DeFi) lending protocol, which was added as liquidity to a Crema pool.

The hacker then fabricated pricing data to make it seem as though they were owed a much bigger reward than they should have. This allowed them to take “a huge fee amount” worth about $9.6 million from the pool to which they added the flash loan.

Related: Dutch University set to recover more than twice the paid BTC ransom in 2019

The Crema protocol will be back up and running after the audit is complete, according to the team’s tweet. The team will also issue a compensation plan for affected users by July 8.

Crema is lucky to have recovered as much funds as it did, considering the calamity that befell the Horizon Bridge on Harmony last month. A hacker stole $100 million in crypto from Harmony’s token bridge and rejected the $1 million white hat bounty to return the funds.

All Dutch and English crypto news!

Is it foolish to expect a massive Ethereum price surge pre-and-post Merge?

Ether's (ETH) impressive 85% gain in the past thirty days will have surprised even the most bullish investors and it makes the $800 range seen...

Over 1,900 block-producing nodes in the Solana ecosystem, new report reveals

Solana released its first ever, 'Validator Health Report' which revealed information on its network operators. According to the report the network has over 1,900 block-producing...

Gala is announcing a partnership with Stick Figure Productions to distribute Four Down on the Blockchain

Jackson, WY, USA, 11th August, 2022, Chainwire Gala, one of the leading innovators in blockchain gaming and music, has announced the launch of Gala Film. This...

Indian law enforcement accuses WazirX exchange of aiding in laundering of $130M

India's Enforcement Directorate (ED), the agency responsible for financial crimes, is looking at cryptocurrency exchanges suspected of processing transactions that sent more than 10 billion...

Beste exchanges

Koop je crypto bij Bitvavo