Cream Finance, a serious decentralized finance (DeFi) protocol centered on lending, has suffered a extreme exploit, with a hacker stealing practically $19 million from its platform.

An unknown hacker has managed to realize $18.8 million within the newest flash mortgage exploit of the Cream Finance protocol by way of a reentrancy bug launched by the Amp token, based on an investigation by blockchain safety agency PeckShield.

Asserting the information Monday, Cream Finance stated that the protocol has stopped the exploit by pausing provide and borrow contracts on the Amp token. “No different markets had been affected,” Cream Finance said.

PeckShield specified that the hacker exploited the Amp token by reborrowing property throughout its switch earlier than updating the primary to borrow in 17 separate transactions. Offering an instance transaction, the safety agency stated, “The hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token switch. Then the hacker self-liquidates the borrow.”

“The funds are nonetheless parked in 0xCE1F….6EDE. We’re actively monitoring this tackle for any motion,” PeckShield added, providing the hacker’s tackle.

Amp is an Ethereum-based token that’s designed to collateralize funds on the digital funds community Flexa. The Amp token contract implements ERC-77-based registry good contract referred to as ERC-1820. Introduced in 2019, the ERC-1820 commonplace defines a common registry good contract the place any tackle “can register which interface it helps and which good contract is accountable for its implementation.”

Associated: Beleaguered DeFi project xToken suffers second major exploit since May

Following the assault, each the Amp token and Cream Finance’s native token, CREAM, noticed a notable value drop, with Amp plummeting practically 13% over the previous 24 hours. On the time of writing, the Amp token is trading at $0.051908, whereas the CREAM token is buying and selling at $167, down round 5% over the previous 24 hours, based on knowledge from CoinGecko.

As beforehand reported by Cointelegraph, DeFi product Alpha Homora in February suffered a $37-million hack, which exploited Cream’s Iron Financial institution protocol-to-protocol lending platform.

The newest flash mortgage exploit comes amid the rising quantity of hacks and exploits amongst each centralized and decentralized cryptocurrency platforms. On Saturday, Bilaxy crypto change suffered a major hot wallet hack resulting in 295 ERC-20 tokens being compromised. Liquid lost nearly $100 million in a hack that befell on Aug 19.