In the early morning hours of Sunday, a security vulnerability was discovered in the Crema Finance protocol, which is used by the Solana network. The incident resulted in a loss of around $8.7 million, all of which is believed to be held by the hacker in distinct wallet addresses across the Ethereum and Solana networks.
Crema Finance describes itself as a protocol for focused liquidity. Users are able to trade Solana-based assets with one another using the app at minimal slippage and with economical costs. According to the information provided on its website, Crema Finance has managed a historical trading volume of more than $1.3 billion and counts more than 38,000 customers.
However, according to reports, the most recent attack was caused by a weakness that was connected to the protocol’s “ticks account,” which is a feature that is used for “error management” in Solana transactions. The attacker was able to alter Crema Finance’s pools after obtaining a flash loan via Solend, which is another Solana-based DeFi protocol.
Over $8.7 million was stolen, with just $2.27 million remaining in their Solana account once the thief was finished. The vast bulk, around 6.43 million dollars, was sent to Ethereum by means of the Wormhole protocol.
In the meanwhile, the Crema Finance team has sent an on-chain message to the unknown attacker in an attempt to communicate with them. The group has offered a reward of $800,000 to the hacker in the event that they agree to restore the stolen property within three days. If the hacker continued to disobey the team’s demands, they threatened to use “police and legal authorities” in their pursuit.
The hack of Crema Finance is noteworthy for a couple different reasons. It is the first assault on the Solana network that originated from flash loans, among other things, and that makes it notable. Over the course of the previous several years, multiple hacks in the multi-billion dollar range have been perpetrated in DeFi using flash loans, which, by their very definition, do not need approval.
As it would seem that hackers have moved their focus to the so-called “Ethereum killer,” Solana-based DeFi protocols, many of which are closed source, will presumably need to tighten up their security in order to avoid being compromised.