- Crema Finance lost $9M in a hacker attack last week
- The hack resulted in the decision to temporarily shut down liquidity
- The company set up a bounty of $800,000 to retrieve the funds
- The hacker agreed to return the funds, but increased the bounty to $1.7M
The first concentrated liquidity protocol on Solana’s blockchain, Crema Finance, has recently experienced a major security breach, which resulted in $9,000,000 worth of crypto being drained. Nevertheless, this time the story seems to have a happy ending as Crema Finance managed to reclaim their crypto after a long and hard deal with the hacker.
👉After a long negotiation, the hacker agreed to take 45455 SOL as the white hat bounty. Now we have confirmed the receipt of 6064 ETH + 23967.9 SOL in four transactions indicated below. A follow-up compensation plan will be released in 48h.— CremaFinance (@Crema_Finance) July 6, 2022
Initial $800,000 Bounty Doubled Up
After the hacker managed to steal $9M via Solend flash loans, the stolen Ethereum (ETH) and Solana (SOL) were successfully tracked. A bit later, the address that supposedly belongs to the predator has been flagged. Crema Finance refrained from calling the authorities and launching an investigation instantly, as the hacker was given a chance to negotiate a white-hat deal.
Moreover, Crema Finance pointed out that “the option to negotiate only stands for 72 hours,” but that was just enough. The hacker that orchestrated the flash loan attack was compliant with Crema Finance and after a long and hard negotiation, an agreement was finally reached.
The crypto hacker managed to keep 45,455 Solana (SOL) as a bounty, which is $1,76M. The other $7.3 million in stolen ETH and SOL were returned. Crema Finance also added that a compensation plan is to be rolled out in the next couple of business days, and those who suffered from the security breach eventually will be repaid.
Significant progress: By tracing the original gas sources of the hacker’s address, we targeted a suspicious identity that might relate to the hacking incident. New updates will be shared following a further verification.— CremaFinance (@Crema_Finance) July 5, 2022
Crema’s Happy Ending Is an Exception to the Rule
The notorious phishing attacks of Axie Infinity’s Ronin, which left a lot of gamers’ pockets like rabbit ears ($625 million lost in total), and Harmony Protocol’s $100M hack attack sets a cautionary tale for crypto enthusiasts. In addition, Harmony even offered a $1M bounty for information leading to the solving of the crime, but with no success.
Notwithstanding, the two aforementioned hacks most likely came from the same infamous Lazarus Group from North Korea, which is known to fund missile and nuclear trials with the stolen crypto funds.
Finally, it’s unlikely that Crema’s attacker was from the same group. The Crema Finance attack was distinctive, as the scammer used SOL flash loans and had to deploy a separate on-chain program for it.
@Crema_Finance was recently hacked for over $6M. Unlike previous attacks, this hacker used Solend flashloans to drain the pool. We’re working closely with the Crema team to help resolve this issue.— OtterSec (@osec_io) July 3, 2022
In the meantime, we’ll be sharing what we know about the exploit 🧵 pic.twitter.com/5NjovZtAEb