Crema hacker returns $8M, keeps $1.6M in deal with protocol

The Crema Finance team awarded the hacker who made off with nearly $10 million in funds from the protocol 16.7% of the stolen funds as a white hat bounty.

The hacker who exploited Solana-based liquidity protocol Crema Finance on July 2 returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.

The bounty, 45,455 Solana (SOL), is worth a generous 16.7% of the $9.6 million Crema lost initially, which forced the protocol to suspend services.

Crema’s team began an investigation to identify the hacker by tracking their Discord handle and tracing the original gas source for the hacker’s address. Just as it seemed the team may have been onto the secret identity, it announced that it had been negotiating with the hacker. On July 6, the hacker returned 6,064 Ether (ETH) and 23,967 SOL worth roughly $8 million.

After a long negotiation, the hacker agreed to take 45455 SOL as the white hat bounty. Now we have confirmed the receipt of 6064 ETH + 23967.9 SOL in four transactions indicated below. A follow-up compensation plan will be released in 48h.

— CremaFinance (@Crema_Finance) July 6, 2022

The hacker returned the funds in a series of transactions on Ethereum and Solana networks. The first transaction on each network was a test with a negligible amount of coins, while the following was worth the majority of the funds sent.

Users of Crema and the team have reason to rest easier now that the funds have been secured, but there is still work to do. The team announced on July 5, before the deal had been reached, that it submitted new code for auditing to ensure that the same exploit did not happen again.

Although the community awaits an official post-mortem on the attack, the Crema team outlined what happened in a July 3 thread on Twitter. The attacker took out a flash loan from the Solend decentralized finance (DeFi) lending protocol, which was added as liquidity to a Crema pool.

The hacker then fabricated pricing data to make it seem as though they were owed a much bigger reward than they should have. This allowed them to take “a huge fee amount” worth about $9.6 million from the pool to which they added the flash loan.

Related: Dutch University set to recover more than twice the paid BTC ransom in 2019

The Crema protocol will be back up and running after the audit is complete, according to the team’s tweet. The team will also issue a compensation plan for affected users by July 8.

Crema is lucky to have recovered as much funds as it did, considering the calamity that befell the Horizon Bridge on Harmony last month. A hacker stole $100 million in crypto from Harmony’s token bridge and rejected the $1 million white hat bounty to return the funds.

Related Posts

The Philippines halts virtual asset provider license applications

The Banko Sentral ng Pilipinas said that the closing of VASP applications begins on Sept. 1, 2022, and will last for three years. While many believe that…

Web3 helps Taiwan secure information against cyberattacks

In an effort against Chinese cyberattacks, Taiwan employs Web3 technology for decentralized file sharing post-Pelosi visit. The Taiwanese Ministry of Digital Affairs (MODA) plans to implement decentralized…

World’s Largest Asset Manager BlackRock Launches Spot Bitcoin Private Trust

After announcing it would enable bitcoin trading services, $10 trillion BlackRock now offers spot bitcoin exposure to institutions in a private trust. BlackRock has launched a spot…

Attackers Wipe Out $3.5M From Crypto Game Dragoma Through Rug Pull Technique

Scamming and hacking activities seem to be skyrocketing within the crypto industry. Even with the increase in innovation and technological application in the crypto space, criminals are…

Bitpay Reveals Prepaid Cardholders Can Get up to 15% Cash Back Rewards via Select Retailers

The Atlanta-based crypto payment services company Bitpay has announced that Bitpay’s prepaid cardholders are eligible for cash back rewards if they use their card with participating retailers….

Ankr Receives a Strategic Investment from Binance Labs

Ankr is a well-known Web3 infrastructure provider. In a nutshell, the protocol works in the background, but it makes using decentralized applications, wallets, as well as crypto-based…

Generated by Feedzy