A flash loan attack that depleted Crema Finance’s liquidity reserves caused them to lose over USD 8.7 million in cryptocurrency assets. Crema Finance is a concentrated liquidity protocol developed on the Solana (SOL) blockchain. On Sunday, the protocol’s official Twitter account announced the temporary suspension of the service while they began an investigation after confirming the intrusion. 🚨🚨Attention! Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP. — CremaFinance (@Crema_Finance) July 3, 2022 “Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP,” Crema Finance’s Tweet said. False Tick Account The hacker began by constructing a false tick account, a dedicated fund that keeps price tick data in a concentrated liquidity market maker, according to an update from the team (CLMM). By “putting the initialized tick address of the pool into the bogus account,” they could avoid the standard “check” procedure. 1a/: Solend Flash Loans Hacker’s wallet: https://t.co/mTjTSD0pVh The hacker managed to activate 6 flash loans on @solendprotocol: 400,000 $USDH (Solend Stable Pool Vault): https://t.co/JiB5CP2uV2 5,500,000 $USDT (Solend Main Pool Vault: https://t.co/JiB5CP2uV2 cont'd.. pic.twitter.com/m0o2I4GgDI — SolanaFM: EXPLORER UP! 🔮🔍 (...
