Days after it suffered a major exploit—cryptospeak for someone takes advantage of a security flaw—that resulted in over $9 million being stolen, concentrated liquidity pool Crema Finance on Thursday announced that after intense negotiations, the hacker agreed to return most of the funds for a $1.6-million bounty.
The hacker, on June 3, had stolen 69,422.9 SOL and 6,497,738 USDC stablecoin, worth about $9 million at the time of the hack.
Modus operandi
According to the company, the hacker lent a flash loan on Solend, the lending and borrowing decentralised finance protocol of Solana platform, to add liquidity on Crema to positions.
The hacker then replaced authentic transaction fee data with forged data to claim a huge fee of about 9 million from the pool to which the loan was lent. To minimise the impact, Crema suspended its smart contract after the exploit.
Hacker about to be unmasked
Crema, along with agencies, then initiated an investigation to ascertain the hacker’s identity. The original gas (jargon for the fee paid to make a cryptocurrency transaction) source of the hacker was traced, their discord handles identified and the movement of funds closely monitored.
Simultaneously, Crema sent an on-chain message to the hacker and offered them to become a “white hat” (ethical hacker) and accept a bounty or face legal action.
Stolen funds returned
“After a long negotiation, the hacker agreed to take 45,455 SOL as the white hat bounty. Now we have confirmed the receipt of 6064 ETH (ethereum) + 23967.9 SOL (Solana’s cryptocoin) in four transactions,” Crema stated.
The company is unlikely to take legal action against the hacker since the stolen money has been returned.
Cross-chain bridges under attack
Recently, Layer 1 blockchain protocol Harmony Protocol suffered a theft on the Horizon bridge amounting to around $100 million in which tokens including Wrapped Ethereum (WETH), AAVE, SUSHI, DAI, Tether (USDT), and USD Coin were stolen.
The hacker rejected a $1-million bounty offered as part of negotiations.
Cross-chain bridges (which enable the exchange of data between blockchain networks) have recently been attacked a number of times by hackers. In January this year, Qubit Finance’s bridge was hacked for $80 million and a month later, bad actors stole $320 million from the Wormhole bridge. In March, $622 million worth of Ethereum and USDC were stolen from Axie Infinity’s Ronin bridge.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
| 1W returns-5.16% |
| 1W returns-7.80% |
| 1W returns-8.09% |
| 1W returns-8.27% |
| 1W returns-10.37% |
| 1W returns-11.36% |
| 1W returns-15.43% |
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
