Créma Finance: A Crypto Hack That Ended Really weird
Another day to prove that we are still early in the crypto space, lots of mistakes are being made, lots of loopholes in the smart contract, lots of auditing to be done to make sure that these loopholes are checked and sorted out.
Have you heard of the weird crema hack? A solana-based liquidity protocol that was hacked a month ago, it provides flash loans. Flash loans are loans that get borrowed and paid back in the same transaction instantly. Just as the name implies, ”flash” loans, done within seconds in a transaction. But why do people use flash loans, they use it because they have the opportunity of keeping the profits as rewards. So it’s expected to be profitable and risk free, but then, these hackers always look for loopholes to make sure that they exploit these platforms. Well, what do you expect, it’s easy money for them.
This hacker took a flash loan and exploited the smart contract by creating a fabricated data pricing which displayed as if the protocol owed the hacker more transaction fees for the flash loan. Guess how much was paid for the transaction fee? A whooping $9.6 Million. That is an outrageous amount to be paid for something that isn’t true, it’s like illegally getting money legally which is not right.
The crema finance protocol identified that an exploitation has been made on their project and they have lost $9.6 Million, they had to investigate and trace how they were going to contact the hacker. They finally got the hackers contact, and decided to negotiate. They negotiated with hacker to return $8 Million and keep $1.6 Million. This way it’s better for everyone in the sense that, they need this money, time is money, the hacker also need to release the $8 Million and because of the reason below.
We all know that cryptocurrency work on the blockchain technology which is transparent and can be traced, this means that it’s just a matter of time for the hacker to miss a step and they will get caught. This makes it’s very hard to launder money, because what use is the money if you can’t spend it? Just like those couple that got caught after 5 years of Bitfinex hack. The only way the hacker has to spend this money is to let Crema finance agree that the $1.6 Million will be kept as a bounty payment, so it’s like crema finance is paying the hacker $1.6 Million as a payment for discovering a loophole.
Cool right? This way they keep the $1.8 Million and spend it freely, and crema finance have their $8 Million and fix the loophole. Because if they don’t fix that loophole, more hackers will come and take more money.
Posted Using LeoFinance Beta
Hahaha. $1.6m for 'helping you discover your loophole'. That's the way it should be considered instead of stealing. That's the way to negotiate. Win-win for every side
Exactly what the hacker did.
Congratulations @readthisplease! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s):
Your next target is to reach 1600 posts.
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPTo support your work, I also upvoted your post!
Check out the last post from @hivebuzz:
The latest I heard was that Crema team has sent an on-chain message to the hacker’s Ethereum address, stating that the hacker has 72 hours to consider becoming a white hat, keeping an $800k bounty, and transferring the remaining funds.
Did he comply?