Cream Finance
| Primary URL | Location | Industry | cream[.]finance |
Country
Taiwan
|
Financial Services
|
|---|
Profile
Crema Finance, also known as Cream Finance, is a decentralized finance platform headquartered in Taiwan that offers concentrated liquidity solutions, lending and borrowing services, and flash‑loan capabilities. The protocol operates on multiple blockchain networks, deploying its concentrated liquidity product on Solana while its lending system and flash‑loan features run on Ethereum. Users can supply assets to earn yields, take out collateralized loans, or execute flash‑loan transactions without intermediaries, targeting participants in the global DeFi market who seek permissionless access to capital efficiency. By concentrating liquidity within specific price ranges, the protocol aims to improve capital utilization compared to traditional automated market makers. Its smart‑contract infrastructure supports both ERC‑20 and ERC‑777 token standards, enabling a wide variety of assets to be used across its products. The platform’s design emphasizes composability, allowing other DeFi applications to integrate its liquidity and lending modules.
The platform has faced several significant security incidents that reveal its exposure to advanced attack vectors. In July 2022, a flash‑loan exploit on its Solana concentrated liquidity protocol led to the theft of roughly $8.8 million in SOL and stablecoins, after which the attacker returned $8.3 million and kept a $1.68 million bounty as part of a negotiated resolution. In October 2021, a flash‑loan vulnerability in the lending system resulted in the loss of about $130 million in cryptocurrency assets, marking the platform’s third major breach that year following two earlier flash‑loan attacks that together exceeded $66 million. In August 2021, a reentrancy flaw in the flash‑loan feature, linked to an ERC777 token contract interface, allowed attackers to steal over $29 million, including AMP tokens and Ethereum. Following each incident, Crema Finance suspended services, engaged blockchain security firms and analysts to investigate, and in some cases negotiated the return of stolen funds. These events highlight the platform’s role as a prominent DeFi protocol whose complex flash‑loan and liquidity mechanisms have attracted both users and attackers.
