Solana-Backed Crema Finance Loses Nearly $9 Million in Flash Loan Attack

Crema Finance, a concentrated liquidity protocol built on the Solana (SOL) blockchain, has lost over USD 8.7m worth of crypto assets in a flash loan attack that depleted its liquidity reserves.

 

The protocol’s official Twitter account confirmed the hack on Sunday and announced a temporary suspension of the service as they began their investigation.

 

“Our protocol seems to have just experienced a hacking,” Crema Finance’s Twitter account said. “We temporarily suspended the program and are investigating it. Updates will be shared here ASAP.”

 

In an update, the team explained that the hacker started by creating a fake tick account, which is a dedicated account that stores price tick data in a concentrated liquidity market maker (CLMM). Subsequently, they were able to sidestep the routine “check” process by “writing the initialized tick address of the pool into the fake account.”

 

The hacker then deployed a contract that allowed them to lend a flash loan from borrowing and lending service Solend and add liquidity on Crema to open positions.

 

“In CLMM, the calculation of transaction fees mainly relies on the data in tick account. As a result, the authentic transaction fee data was replaced by the faked data so the hacker completed the stealing by claiming a huge fee amount out from the pool,” Crema Finance said.

 

According to an investigation by Solana explorer SolanaFM, Crema Finance was exploited to the tune of USD 8.78m, which included various amounts of USDT, USDH Hubble Stablecoin, as well as crypto synths.

 

In the meantime, the program shared the address associated with the hack, claiming they will track the movement of the stolen funds.

 

“More and more relevant organizations are providing valuable clues for us. Also, we’re still open to a communication with the hacker before the time window is closed,” the project said.