Cyber Incident Victim: Cream Finance

On October 27, 2021, blockchain security firms PeckShield and SlowMist detected a breach involving Cream Finance, a decentralized finance (DeFi) platform enabling cryptocurrency lending and speculation. The attackers exploited a vulnerability in Cream’s flash loan system—a mechanism allowing uncollateralized borrowing—to steal approximately $130 million in Ethereum-based assets and tokens. BlockSec, another security firm, confirmed the exploit’s technical details via Twitter, attributing the theft to a flaw in the platform’s lending logic. Cream Finance acknowledged the incident within hours, collaborating with Yearn, a cryptocurrency platform, to patch the vulnerability. Despite identifying the attacker’s initial wallet, Cream reported that the stolen funds had been transferred to new accounts, significantly reducing the likelihood of recovery. This marked Cream’s third major security incident in 2021, following February’s $37 million loss and August’s $29 million loss, both attributed to flash loan exploits.

The October breach underscored systemic risks within DeFi ecosystems, where flash loan attacks accounted for 76% of major 2021 cryptocurrency hacks, totaling over $474 million in losses according to CipherTrace. Cream’s repeated compromises highlighted persistent vulnerabilities in DeFi protocols, contrasting with the Poly Network incident in August 2021, where a $600 million theft resulted in full restitution after negotiations. While Cream’s latest attack ranked as the year’s second-largest DeFi heist, no recovery efforts succeeded, leaving stakeholders with unrecovered losses. The company’s operational response focused solely on technical remediation, with no publicized efforts to trace or reclaim assets beyond initial wallet identification. Industry analysts noted DeFi’s disproportionate exposure to exploits, with such attacks constituting 21% of all 2020 cryptocurrency hacks after being virtually absent in 2019.