Decentralized finance protocol Cream Finance has been drained of over $130 million worth of tokens in the aftermath of a massive flash loan attack.
The hacker is now busy shuffling the stolen funds between several wallets with the help of coin mixers.
The Taipei-based lending platform has already acknowledged the incident on Twitter, claiming that it will share updates with its users as soon as possible.
We are investigating an exploit on C.R.E.A.M. v1 on Ethereum and will share updates as soon as they are available.— Cream Finance 🍦 (@CreamdotFinance) October 27, 2021
Third time's a charm?
Flash loans allow users to borrow money without collateral if they get returned within the same transaction. Otherwise, they will fail. The novel feature, which has been adopted by many DeFi protocols, is frequently exploited by hackers.
Cream Finance has already suffered several costly attacks to date, but the latest one is the third-biggest hack in DeFi history.
In late August, the protocol lost $18.8 million because of a reentry bug in the AMP token contract that made it possible for bad actors to continue borrowing funds.
Back in February, it was pilfered for $37.5 million.
Virtually all of the protocol's Ethereum funds have now been lost to the attacker, and it is not immediately clear whether the rest of the tokens on other chains are safe.