ICrypto


Cream Finance Exploiter Moving Funds Over 16 Months After Hack, Here’s Why

The Cream Finance exploiter is moving funds more than 16 months after hacking the DeFi protocol and stealing over $136 million in various crypto assets.

Cream Finance Exploiter Transfers Funds

According to CertiK, a blockchain analytics platform, the exploiter moved 365.69 ETH, worth roughly $600,000 at spot rates, to a new address. The amount is part of the more than $136 million in tokens stolen in late October 2021.

Funds were moved to another address. It is not yet clear what the hacker intends to do with the $600,000. Cream Finance is a blockchain-agnostic DeFi protocol deployed on Ethereum, Fantom, Polygon, and the BNB Smart Chain (BSC).

It was forked from Compound, a competing lending platform, and remains open source. Cream Finance offers a wide range of services, including lending, yield farming, and token exchange. CREAM, the governance token of Cream Finance, is changing hands at $12.83 at the time of writing on January 30.

Chart: CREAM’s price on the daily chart, showing some gains. Source: CREAMUSDT on TradingView

In crypto, addresses holding stolen funds are always marked and therefore tainted. This makes it hard for hackers to launder stolen funds through centralized exchanges or other platforms without being identified. The decision by platforms to join hands to combat money laundering by crypto and DeFi hackers is bearing fruit.

These platforms, mostly centralized exchanges like Binance, Coinbase, or Huobi, allow users to purchase fiat currencies, including the USD, JPY, or Euro, and are compliant with applicable know-your-customer (KYC) and anti-money laundering (AML) rules. This means agents trying to launder funds through these portals can be mapped out in the real world and prosecuted.

By flagging this transfer, CertiK is alerting the crypto and DeFi community that the perpetrator of the hack is still active and trying to shuffle funds through various addresses. However, given the transparent nature of the underlying blockchains, including Ethereum, it is easy to track transactions even though the sender’s identity is private. Any mistake on the hacker’s end can lead to their IP address being uncovered or their identity revealed, bringing them into the custody of law enforcement agents.

To counter this possibility and conceal their tracks, hackers use crypto mixers like Tornado Cash. Despite the United States Treasury Department banning citizens from using mixers like Tornado Cash, users prefer the tool. Many users are hackers wishing to cash out the funds anonymously.

DeFi Under Attack

In late October 2021, Cream Finance was hacked for over $136 million. The hacker targeted the protocol’s v1 lending market, siphoning several ERC-20 tokens and CREAM governance tokens. Through a series of flash loans, the attacker manipulated the protocol’s yield, which allowed them to borrow more assets than their collateral covered.

The attack was the protocol’s third in 2021, raising questions about the security of DeFi dApps against determined attackers, some of whom might be sponsored by governments like North Korea. In mid-January, Lazarus Group, a hacker cell associated with North Korea, attempted to launder $63.5 million.

However, Binance and Huobi picked out their transfers and froze the assets. The funds were part of the amount stolen in the Harmony Bridge hack.

 31.01.2023
