July 19th, 2022
On July 2nd 2022, DeFi Liquidity Protocol Crema Finance was hacked, and funds worth ~ $8 Million were stolen by a hacker, which resulted in a protocol-wide halt of all the operations. Crema Finance is a Concentrated Liquidity Protocol on Solana that provides a vast range of features to DeFi investors, especially to Liquidity Providers.
The protocol has various pools that they named Concentrated Liquidity Market Maker [CLMM], which is said to be the superior version of Automated Market Maker [AMM]. According to the AMM model, only the liquidity closest to the real-time trading price is used, which means most of the liquidity providers’ capital remains unused in the long run. Resources are being wasted here. Whereas CLMM allows liquidity providers to specify specific price ranges within which their liquidity should be traded.
After the investigation, the Crema team gave details on Twitter on how the hacker was able to steal such a massive amount of capital from the pool:
The hacker then went and swapped the stolen fund into 69422.9 SOL and 6,497,738 USDCet via Jupiter and then bridged the assets to the ETH network and swapped it for 6064 ETH.
Before launching the legal investigation, the Crema team thought to open a direct negotiation with the hacker, and luckily they could chat with the person. The team offered a bounty of $700,000, but the hacker gave a counter-offer of a bounty of 45455 SOL (~ $1.4 million) in exchange for returning the funds. The negotiation was finalized, and the hacker initiated the refund in various distributed transactions.
To compensate for the loss that the users and investors faced after the hack, the Crema Finance team presented a compensation plan to compensate the affected users through 1.5% of the total hard-cap CRM (15,000,000 CRM) from the team’s allocation.
With the increase in the use of the DeFi, and the significant uses of flash loans, the chances of making the protocols vulnerable have also increased, which could only be minimized by getting the routine auditing done after every major update/upgrade.