The Crema Finance decentralized liquidity protocol team (Solana ecosystem) stopped the application due to a hacker attack.
According to OtterSec analysts, the attackers withdrew about $6 million worth of digital assets from the project’s liquidity pools. The attack was carried out using instant loans on the Solend landing platform.
Experts said that unknown people discovered a vulnerability that allows deposits to be made into the protocol and a relevant amount of assets to be withdrawn, while receiving additional tokens through the Claim instruction. To carry out the attack, hackers deployed their own smart contract in the Solana network, interacting with Crema Finance.
At the time of writing, 69,422 SOL (~$2.28 million) is stored at the alleged address of the attackers.
The Crema Finance team is investigating the incident. The developers promised to reveal the details of the attack and the amount of damage later.
Recall that on June 24, a hacker stole about $100 million during an attack on the Horizon cross-chain bridge of the Harmony protocol.