Crema Finance – a concentrated liquidity market maker protocol on Solana – has frozen operations following an $8.7 million exploit. The hacker has since transferred the funds to another platform, but he and his gains are still being tracked.
Manipulating the Data
Crema published a Twitter thread on Sunday explaining the technical details of the incident. Saturday’s hack was made possible by creating a fake ‘tick’ account – an account that stores price tick data in Crema.
Crema’s design includes an owner check to verify legitimate tick accounts. Nevertheless, the hacker was able to circumvent it. He reportedly “[wrote] the initialized tick address of the pool into the fake account.”
Following the transaction’s confirmation, the hacker sourced funds from the Solana lending protocol Solend through a flash loan. He used them to add liquidity to open positions on Crema. Last month, Solend was part of a scandal when it deliberately seized the funds of a whale borrower nearing liquidation.
In this case, Solend did not suffer any impact, and the funds in the protocol are safe. However, the hacker was able to manipulate data in the tick account on Crema to extract massive fees from the pool. This forced Crema to suspend the smart contract following the exploit.
“The hacker swapped the stolen fund into 69422.9SOL and 6,497,738 USDCet via Jupiter,” explained Crema. “The USDCet was then bridged to Ethereum network via Wormhole and swapped to 6064ETH via Uniswap after that.”
Tracking the Funds
Wormhole and other bridge services are frequently the subject of DeFi hacks. They either provide an avenue for thieves to cover their tracks or are themselves honeypots for massive thefts. So far, the first and third largest DeFi hacks ever involved blockchain bridges – one of which was Wormhole’s $320 million loss in February.
Nevertheless, Crema and its partners still have their eye on the hacker’s illicit gains as they move around the blockchain. The hacker’s Ethereum and Solana addresses are already identified, and Crema continues to request comments from the hacker.
On Monday, Crema provided an update stating that it had identified the hacker’s Discord account. As the team works towards “detecting” his identity, it is also actively fixing technical vulnerabilities in its protocol. Crema’s contract will resume only after its investigation is complete and a “resolvement plan” has been developed.