Solana-based Crema has taken a hit after an exploit of their security.
Crema Finance is a liquidity protocol in which providers are able to set specific price ranges, add single-sided liquidity, and conduct range order trading. Recently the platform has suffered an attack that has seen the team lose over $8.78 million in cryptocurrency stolen from the platform in an attack over the weekend. The news was broken to their users via a tweet,
After the exploit, the smart contract of Crema was suspended and the team is working closely with experienced security institutes and organizations to track the hacker.
Originally the value of Crema was $12 million but after the hack, the value has dwindled down to $3 million, with trading volumes reaching past $1.34 billion totally on the platform since its beginnings in January of 2022.
The team went into detail as to how the situation came to pass as they discussed how the attacker used a fake tick account. A tick account is an account that is dedicated and stores price tick data in the Crema Market Making protocol or CLMM. The attacker then exploited certain commands by using the fake account and getting past security measures.
After circumventing security the hacker made use of a flash loan, manipulated the prices of assets on liquidity pools, and proceeded to use this procedure to claim a large amount from the pool. The stolen funds were then swapped to SOL. The total amount of SOL $69422.9 SOL ( approx.$ 6,487,738 USD) was bridged to Ethereum via a wormhole and swapped to ETH at 6,064 ETH which then amounts to $8.5 million at the current market price.
At the time of this writing the tokens were tracked via Etherescan and upon inspection it would seem the tokens are still in the wallet and have yet to be moved elsewhere.