Solana-Based Liquidity Protocol CremaFinance Hacked for $8.7M

CremaFinance said Sunday it was “temporarily” suspending its service while it investigates a debilitating flash loan exploit

article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Hackers raided CremaFinance liquidity pools over the weekend, forcing the protocol to pull the plug
  • The incident is the latest in a string of exploits that have plagued the beleagured decentralized finance sector this year

Solana-based liquidity protocol CremaFinance has become the latest DeFi (decentralized finance) platform to fall victim to hackers.

First brought to attention to users on Saturday, CremaFinance said it was temporarily suspending service and investigating the exploit, believed to have totaled more than $6.4 million in digital assets at the time.

That figure was later revised to stand at over $8.7 million, Solana blockchain explorer SolanaFM said in a tweet. The hacker exploited a vulnerability in the protocol’s tick account, CremaFinance said.

A tick is a dedicated account that stores price “tick data” from a centralized liquidity market maker (CLMM). In DeFi, CLMMs typically calculate transaction fees based on data in the tick account.

In CremaFinance’s case, the authentic transaction fee data was replaced by the hacker’s faked data. This allowed the attacker to claim a “huge fee amount” out of CremaFinance’s liquidity pool, resulting in epic losses.

The hacker deployed a malicious contract and used it to activate six flash loans from Solana lending platform Solend in order to add liquidity on Crema and open their positions, CremaFinance said.

Millions of dollars in various cryptocurrencies, including tether and lido staked solana, were taken. Stolen funds are being held in the hacker’s Ethereum and Solana wallets, which have since been flagged by SolanaFM. CremaFinance is yet to confirm exactly how much crypto was left in its pools.

The firm announced it had raised $5.4 million in a private fundraising round just two weeks ago. CremaFinance is not to be confused with DeFi’s Cream Finance, which has suffered multiple “flash loan exploits” in the last year, including a $130 million hack in October.

But the incident is the latest in a string of DeFi exploits that have plagued the sector this year. Last month, a hacker stole 20 million governance tokens from Ethereum scaling solution Optimism, worth around $30 million at the time, that were intended for a loan deployed by major market maker Wintermute.

In the same month, smart contracts platform Elrond Network witnessed around $4 million siphoned off its decentralized exchange.

Still, those pale in comparison to digital asset bridge Wormhole’s $320-million hack in February and April’s $625-million attack on Axie Infinite’s Ronin bridge — the two largest DeFi thefts to date.


Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

tg trading bot report graphic.png

Research

Telegram trading bots have found their primary niche in highly speculative token launches and retail-dominated memecoin markets, with many features specifically tailored to token sniping and copy-trading strategies.

article-image

Ethereum is hoping that increased DA will grow user demand — and its profits through DA fees

article-image

11 years ago, Bitcoin contributors prevented a supply crisis… two centuries from now

article-image

Both samczsun and ZachXBT have issued warnings after the Bybit hack last month

article-image

The investor criticized Michael Saylor’s plan to render his personal bitcoin holdings inaccessible to anyone else forever

article-image

The exchange has structural defenses and protocols to limit manipulations

article-image

Upshift is being spun out of August, which raised $10 million earlier this month