Cream Finance Exploiter Moving Funds Over 16 Months After Hack, Here’s Why

The Cream Finance exploiter is moving funds more than 16 months after hacking the DeFi protocol and stealing over $136 million in various crypto assets.

Cream Finance Exploiter Transfers Funds

According to CertiK, a blockchain analytics platform, the exploiter moved 365.69 ETH, worth roughly $600,000 at spot rates, to a new address. The amount is part of the over $136 million in tokens stolen in late October 2021.

It is not yet clear what the hacker intends to do with the $600,000. Cream Finance is a blockchain-agnostic DeFi protocol deployed on Ethereum, Fantom, Polygon, and the BNB Smart Chain (BSC).

It was forked from Compound, a competing lending platform, and remains open source. Cream Finance offers a wide range of services, including lending, yield farming, and token exchange. CREAM, the governance token of Cream Finance, is changing hands at $12.83 at the time of writing on January 30.

Cream Finance CREAM Prices on January 30

In crypto, addresses holding stolen funds are always marked and therefore tainted. This makes it hard for hackers to launder stolen funds on centralized exchanges or other platforms without being identified. The decision by platforms to join hands to combat money laundering by crypto and DeFi hackers is bearing fruit.

These platforms, mostly centralized exchanges like Binance, Coinbase, or Huobi, allow users to purchase fiat currencies, including the USD, JPY, or Euro, and are compliant with applicable know-your-customer (KYC) and anti-money laundering (AML) rules. This means agents trying to launder funds through these portals can be mapped out in the real world and prosecuted.

By picking out this transfer, CertiK is informing the crypto and DeFi community that the perpetrator of the hack is still active and trying to shuffle funds through various addresses. However, given the transparent nature of the underlying blockchains, including Ethereum, it is easy to track transactions even though the sender's identity is private. Any mistake on the hacker's end can lead to their IP address being uncovered or their identity revealed, bringing them into the custody of law enforcement agents.

To counter this possibility and conceal their tracks, hackers use crypto mixers like Tornado Cash. Despite the United States Treasury Department banning citizens from using mixers like Tornado Cash, users prefer the tool. Many users are hackers wishing to cash out the funds anonymously.

DeFi Under Attack

In late October 2021, Cream Finance was hacked for over $136 million. The hacker targeted the protocol's v1 lending market, siphoning several ERC-20 tokens and CREAM governance tokens. Through a series of flash loans, the attacker manipulated the protocol's yield, allowing them to borrow more assets than their collateral covered.

The attack was the protocol's third in 2021, calling into question the security of DeFi dApps against determined attackers, some of whom might be sponsored by governments like North Korea. In mid-January, Lazarus Group, a hacker cell associated with North Korea, attempted to launder $63.5 million.

However, Binance and Huobi picked out their transfers and froze the assets. The funds were part of the amount stolen in the Harmony Bridge hack.


