TL;DR
On 02 July 2022 08:08 PM +UTC, Crema Finance was hit with the first of multiple malicious flashloan attacks. Each flashloan targeted a different liquidity pool on the platform, with ~$8.8m drained. The attacker then Bridged the stolen funds to EOA: eth 0x8021…, where the assets have been swapped for wETH. The Crema Finance team have reached out to the attacker with an onchain message containing a 72 hour deadline to return the funds and receive a $800k bounty.
Event Summary
CremaFinance is a powerful liquidity protocol built on Solana that provides superior performance for both traders and liquidity providers.
Crema Finance tweeted on 03 July that their protocol was experiencing a hack and had therefore suspended all activity on the platform. The attacker used Solend to flashloan several liquidity pools on Crema Finance to drain funds. From there, the stolen funds which totalled 6,497,735 $USDC were sent to Ethereum via the Wormhole Bridge to EOA: eth 0x8021…
After identifying the Ethereum wallet that the stolen funds had gone to, the Crema Finance team reached out to the attacker with a 72hr deadline to return the funds and be given a $800k bounty. However, the onchain activity of the attacker is showing that there is no intention to return the stolen funds Which is exactly what Crema Finance suspect.
Summary
After the initial investigation, it seems that the attacker was able to spoof tick account, deposit and withdraw the borrowed tokens, while calling the claim() function in order to retrieve additional tokens.
Crema Finance later confirmed that “the calculation of transaction fees mainly relies on the data in tick account. As a result, the authentic transaction fee data was replaced by the faked data so the hacker completed the stealing by claiming a huge fee amount out from the pool”.
The affected smart contract was suspended by the developers until the vulnerability will be fixed and “the investigation is all done and a resolvement plan is made”.
At the current moment, 69,422.9 SOL are stored in the attacker’s Solana account, while 6,064 ETH have been bridged to the attacker’s Ethereum address.
Attack Flow
The attacker spoofed a fake tick account for the later exploit.
The attacker flash loaned the type token required. This was used as the deposit amount during the exploit.
The attacker calls the DepositFixTokenType() function, through which he deposits the borrowed amount from the flashloan to corresponding pool.
The Claim() function is called, the attacker receiving additional tokens.
The initial deposited tokens were sent back to the attacker by calling the WithdrawAllTokenTypes() function.
Profit and assets tracing
A rough estimate of the losses is around $8,780,000.
Around 70k SOL are in the Esmx2Q… account, while batches of the stolen assets were transferred to 5pkD6y… Assets worth 6,064 ETH were bridged to ETH mainnet, to 0x8021...
Conclusion
In this case we cannot be certain what we would be able to spot this vulnerability in due to the exploited project's source code is private, so we can't come up with a conclusion now. It seems that it is a bug in the Claim and/or WithdrawAllTokenTypes function(s) which enabled the attacker to drain a large amount of funds.
Crema Finance offered the attacker $800k to return the funds and gave a 72hr deadline from the time of the sent message. Onchain activity of the stolen funds would suggest that the attacker has no intention to return the stolen funds. You can follow updates on Crema Finance's Twitter handle.
