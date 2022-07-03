Reading time: ~2 m

The team of the decentralized liquidity protocol Crema Finance (Solana ecosystem) stopped the application due to a hacker attack.

🚨🚨Attention! Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP. — CremaFinance (@Crema_Finance) July 3, 2022

According to OtterSec analysts, the attackers withdrew digital assets worth about $ 6 million from the liquidity pools of the project The attack was carried out using instant loans on the Solend landing platform.

@Crema_Finance was recently hacked for over $6M. Unlike previous attacks, this hacker used Solend flashloans to drain the pool. We’re working closely with the Crema team to help resolve this issue. In the meantime, we’ll be sharing what we know about the exploit 🧵 pic.twitter.com/5NjovZtAEb — OtterSec (@osec_io) July 3, 2022

Experts said that unknown people discovered a vulnerability that allows you to make deposits in the protocol and withdraw the relevant amount of assets, while receiving additional tokens through the Claim instruction. To carry out the attack, hackers deployed their own smart contract on the Solana network, interacting with Crema Finance.

At the time of writing, 69,422 SOL (~$2.28 million) are stored at the alleged address of the attackers.

Thanks 🙏 https://t.co/QbeCfSAkt7 — Henry | Crema Finance (@HenryCanFly) July 3, 2022

The Crema Finance team is investigating the incident. The developers promised to disclose the details of the attack and the amount of damage later.

Recall, on June 24, a hacker stole about $ 100 million during an attack on the Horizon crosschain bridge of the Harmony protocol.