Crema Finance Breach

Crema Finance is an asset management and liquidity protocol. The platform allows traders and customers to trade, buy, and sell liquid assets.

What Was the Breach?

Crema Finance was repeatedly breached throughout 2021. Over the previous two years, the string of Crema Finance breaches makes it clear that the internet is becoming increasingly dangerous. Here's a quick recap of the breach.

How Did the Breach Occur?

The thieves responsible for the breach stole more than $8 million of cryptocurrency from Crema Finance, a DeFi platform. DeFi is a popular acronym used for decentralized finance. Perhaps the most interesting component of this digital attack is that the victim live-tweeted the breach as it occurred. 

The self-dubbed white hat hacking collective behind the theft used a flash loan attack. Fast loan attacks consist of rapid unsecured loans that zero in on weaknesses within an underlying design. The white hat hackers generated phony tick accounts that contain price tick information within centralized liquidity market makers, or CLMMs for short. This strategy bypassed the DeFi platform's owner check process by generating an initialized tick, creating an opportunity to transmit contracts and lend flash loans for liquidity and the theft of funds.

When Did This Breach Occur?

This breach occurred in July 2022. Crema also suffered breaches in February, August, and October 2021.

Who Does the Breach Impact?

The breach impacts Crema Finance as well as its customers. Crema Finance account holders who owned stablecoins or SOL were victimized in the attack. The digital infiltration reinforces the need for up-to-date protections that prevent account takeovers.

How Many Files Does the Breach Affect?

Crema Finance admitted that $8 million of cryptocurrency was stolen in the attack.