Flash Loan Exploit Whips Cream Finance For $130 Million

The Cream team confirms $130 million theft in a tweet, token price plummeted but then recovered during the Asia trading day.

article-image

Blockworks Exclusive Art by Axel Rangel

share

key takeaways

  • Another flash loan exploit hits Cream Finance, this time for $130 million
  • Flash loan exploits involve clever arbitrage plays that drain the protocol’s liquidity pools of their assets, devaluing the token for users

Late Wednesday, Blockchain security provider Peckshield identified that a flash loan attack was underway against DeFi lending platform Cream Finance, with attackers attempting to pilfer Cream liquidity provider tokens. In total, $130 million was stolen, according to on-chain data. This comes after two other successful attacks earlier this year, which saw hackers nab $37.5 million in February and $18.8 million in August.

Loading Tweet..

Cream is affiliated with DeFi stalwart Yearn Finance, as a result of a 2020 ‘merger’, but the much larger Yearn family of products was unaffected, according to the group’s Twitter feed.

Loading Tweet..

What is a flash loan exploit?

Flash loan attacks exploit one of the key pillars of DeFi: the ability to obtain leverage without collateral. Flash loans seek to nullify the defining fear of the credit market — the borrower will run off with the money, leaving the lender empty-handed. Sure, collateral like a house as part of a mortgage would partially eliminate this risk, but needing to post collateral to obtain credit is by its nature exclusionary and, for the world of digital assets, might not work as it would require the participation of lenders that are hostile to crypto.

So, the DeFi and digital assets industry has invented the flash loan. This is a specific type of loan which, via the underlying smart contract, allows the borrower to obtain credit, complete a transaction with said credit (the most common of which is to utilize arbitrage opportunities), and then repay the loan all within the same transaction on the blockchain.

A flash loan attack in progress; Source: Ethexplorer

Should any part of the process fail, the entire transaction will be reverted, thereby undoing the loan — meaning that, in theory, the lender has no risk — provided that the smart contract which controls the whole operation has code strong enough to withstand adversarial scrutiny. 

A flash loan attack occurs when the borrower manipulates the markets as the loan is taking place, driving the value of the borrowed token underwater thanks to excess slippage, and then allowing the attacker to buy back the token at a deflated price. Because the slippage and price deflation is limited to one market, the attacker is free to sell the tokens on other markets for the real price and pocket the profits.

Technically, this particular exploit was quite complex, involving multiple Ethereum wallets and dozens of discrete steps. The attacker is now in the process of laundering the stolen funds.

How many DeFi attacks have occurred in 2020?

According to various leaderboards such as Rekt’s DeFi hack list, there has been over $500 million in theft from different kinds of DeFi hacks like flash loan exploits during 2021 including this most recent one from Cream Finance. In total, there has been approximately $1.2 billion stolen from DeFi protocols since the inception of the industry, according to CryptoSec.info.

SEC Chair Gary Gensler has repeatedly said that regulation of the DeFi sector is coming under the guide of consumer protection, and it’s only a matter of time before regulation is implemented.
Cream Finance’s token recovered during the Asia trading day as the market digested news of the exploit, but remains down 25% over the past 24 hours, according to Coingecko.

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Featured.png

Research

Helium stands at a pivotal moment in its evolution as a decentralized wireless network, balancing rapid growth, economic restructuring, and global expansion. With accelerated growth in domestic DAUs and Hotspots supporting its network, Helium is leveraging strategic partnerships and innovative proposals to scale internationally. The recent implementation of HIP 138, “Return to HNT,” has unified its token economy under HNT, simplifying participation and strengthening liquidity, while HIP 139’s phase-out of CBRS refocuses efforts on scalable Wi-Fi offload. Meanwhile, governance shifts under HIP 141 raise questions about centralization as Nova Labs consolidates control over the roadmap.

article-image

The asset surged over the past seven days to reach its highest-ever weekly close on the SOL/ETH pair

article-image

Industry watchers note that SOL ETFs have attracted a fraction of the demand for bitcoin and ether ETFs

article-image

Tariff swings impact stock market and company outlooks, with Apple and NVidia likely to be affected by China tariffs

article-image

The team says an attacker minted unclaimed tokens from ZKsync’s 2024 airdrop

article-image

The MIT research-based protocol is live in private testnet — laying the foundation for decentralized RAM

article-image

The Balkan micronation went from Bitcoin economy to blockchain buzzwords in 10 years