Crema Finance Struck a Deal with Hacker to Recover $9M in Lost Funds

Hacker doubled up the bounty before returning stolen funds.

  • Crema Finance lost $9M in a hacker attack last week
  • The hack resulted in the decision to temporarily shut down liquidity
  • The company set up a bounty of $800,000 to retrieve the funds
  • The hacker agreed to return the funds, but increased the bounty to $1.7M

The first concentrated liquidity protocol on Solana’s blockchain, Crema Finance, has recently experienced a major security breach, which resulted in $9,000,000 worth of crypto being drained. Nevertheless, this time the story seems to have a happy ending as Crema Finance managed to reclaim their crypto after a long and hard deal with the hacker.

Initial $800,000 Bounty Doubled Up

After the hacker managed to steal $9M via Solend flash loans, the stolen Ethereum (ETH) and Solana (SOL) were successfully tracked. A bit later, the address that supposedly belongs to the predator has been flagged. Crema Finance refrained from calling the authorities and launching an investigation instantly, as the hacker was given a chance to negotiate a white-hat deal.


Moreover, Crema Finance pointed out that “the option to negotiate only stands for 72 hours,” but that was just enough. The hacker that orchestrated the flash loan attack was compliant with Crema Finance and after a long and hard negotiation, an agreement was finally reached.

The crypto hacker managed to keep 45,455 Solana (SOL) as a bounty, which is $1,76M. The other $7.3 million in stolen ETH and SOL were returned. Crema Finance also added that a compensation plan is to be rolled out in the next couple of business days, and those who suffered from the security breach eventually will be repaid.

Crema’s Happy Ending Is an Exception to the Rule

The notorious phishing attacks of Axie Infinity’s Ronin, which left a lot of gamers’ pockets like rabbit ears ($625 million lost in total), and Harmony Protocol’s $100M hack attack sets a cautionary tale for crypto enthusiasts. In addition, Harmony even offered a $1M bounty for information leading to the solving of the crime, but with no success.

Notwithstanding, the two aforementioned hacks most likely came from the same infamous Lazarus Group from North Korea, which is known to fund missile and nuclear trials with the stolen crypto funds. 


Finally, it’s unlikely that Crema’s attacker was from the same group. The Crema Finance attack was distinctive, as the scammer used SOL flash loans and had to deploy a separate on-chain program for it.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Tadas Klimasevskis

Tadas Klimaševskis is a Lithuanian journalist at DailyCoin, specializing in covering the lighter side of the crypto industry such as memecoins and pop culture in the metaverse. He has experience as a music artist, English language teacher, and freelance writer, and uses his creative writing skills to summarize valuable information in his work. He is also a strong believer in the potential of blockchain and spends his free time listening to music, traveling, and watching basketball games.