Cyber Incident Victim: Cream Finance
Date: Aug 2021
Location: United States of America
Summary
Hackers exploited a reentrancy vulnerability in a decentralized finance platform's flash loan feature, stealing over $29 million in cryptocurrency assets, including AMP tokens and Ethereum. The attack leveraged a flaw in the ERC777 token contract interface, enabling repeated fund withdrawals before transaction approval. This incident reflects broader security challenges within the DeFi ecosystem, where reentrancy attacks and flash loan exploits have contributed significantly to major thefts. Blockchain analysts detected the breach in progress, prompting the platform's confirmation shortly thereafter. The stolen assets represented substantial financial losses, underscoring persistent vulnerabilities in smart contract implementations despite prior similar incidents across the industry.
Description
On August 30, 2021, blockchain security firm PeckShield detected anomalous activity indicating an ongoing attack against Cream Finance, a decentralized finance (DeFi) platform specializing in cryptocurrency lending and speculative trading. Approximately thirty minutes after PeckShield’s observation, Cream Finance publicly confirmed a security breach. The attacker exploited a vulnerability in the platform’s flash loan feature—a mechanism allowing uncollateralized loans that must be repaid within the same transaction. By leveraging a reentrancy attack within Cream Finance’s implementation of the ERC777 token standard, the attacker repeatedly withdrew funds before initial transactions finalized. This resulted in the theft of 418,311,571 AMP tokens (valued at approximately $25.1 million) and 1,308.09 ETH (worth roughly $4.15 million), totaling over $29 million in losses. The incident marked Cream Finance’s third major security breach within a year, following prior exploits in February and May 2021.

Cream Finance did not disclose immediate containment measures or recovery efforts beyond acknowledging the attack’s technical cause. Tal Be’ery, cofounder of cryptocurrency wallet ZenGo, noted ERC777’s recurring role in enabling reentrancy attacks across DeFi platforms and advocated for firewall-like systems to filter malicious contract interactions. The theft contributed to a broader trend of escalating DeFi vulnerabilities, with CipherTrace reporting that DeFi hacks constituted 76% of major cryptocurrency breaches in 2021, totaling $474 million in losses by August. Flash loan attacks, which manipulate temporary liquidity to distort asset prices or exploit contract logic, were identified as the predominant attack vector. The incident underscored persistent security challenges in DeFi protocols’ smart contract designs and their reliance on experimental token standards like ERC777.
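The reentrancy pattern described above can be reproduced in a small Python model, added here as an illustration; it is not Cream Finance's contract code. All class and function names are hypothetical, and the model is simplified to one token, one borrower and a fixed collateral limit. It contrasts a pool that records debt after the hook-triggering transfer with one that records it first and holds a reentrancy lock.

```python
class HookToken:
    """Toy token that notifies the recipient on transfer, like ERC777's tokensReceived hook."""
    def __init__(self):
        self.balances = {}
    def transfer(self, sender, recipient, amount):
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        recipient.tokens_received(amount)  # control passes to the recipient here

class VulnerablePool:
    """Pays out first and records the debt afterwards."""
    def __init__(self, token, liquidity, limit):
        self.token, self.limit, self.debt, self.locked = token, limit, 0, False
        token.balances[self] = liquidity
    def borrow(self, who, amount):
        if self.debt + amount > self.limit:
            raise RuntimeError("exceeds collateral limit")
        self.token.transfer(self, who, amount)  # interaction: hook runs while debt is stale
        self.debt += amount                     # effect is recorded too late

class HardenedPool(VulnerablePool):
    """Checks-effects-interactions ordering plus a reentrancy lock."""
    def borrow(self, who, amount):
        if self.locked or self.debt + amount > self.limit:
            raise RuntimeError("re-entered or exceeds collateral limit")
        self.locked = True
        self.debt += amount                     # effect before the external call
        self.token.transfer(self, who, amount)
        self.locked = False                     # on failure a revert would undo the lock too

class ReenteringRecipient:
    """Test double whose receive hook calls borrow() again, `rounds` times."""
    def __init__(self, pool, rounds):
        self.pool, self.rounds = pool, rounds
    def tokens_received(self, amount):
        if self.rounds > 0:
            self.rounds -= 1
            self.pool.borrow(self, amount)

def simulate(pool_cls, limit=100, rounds=3):
    """Return (tokens paid out, reverted); any failure reverts the whole transaction."""
    pool = pool_cls(HookToken(), liquidity=1000, limit=limit)
    who = ReenteringRecipient(pool, rounds)
    try:
        pool.borrow(who, limit)
    except RuntimeError:
        return 0, True  # models an EVM revert: every transfer in the transaction is rolled back
    return pool.token.balances[who], False
```

With a limit of 100 and three re-entries, the vulnerable ordering pays out four times the limit, while the hardened pool rejects the nested call and the transaction reverts.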
