Crema hacker returns $8 million, keeps $1.6 million in deal with protocol
The hacker who exploited Crema Finance's liquidity protocol on July 2 had to return the majority of the money but was permitted to keep $1.6 million as a white hat bounty.
The bounty of 45,455 Solana (SOL) is a generous 16.7% of the initial $9.6 million Crema loss, which forced the protocol to halt operations.
Crema's team began an investigation to identify the hacker by monitoring the hacker's Discord account and tracing the original gas supplier for their address. Just when it appeared that the team might have uncovered the hacker's identity, it revealed that it had been negotiating with the hacker. On Wednesday, the hacker sent back 6,064 ETH and 23,967 SOL, totaling around $8 million.
The hacker returned the money through a series of transactions on the Ethereum and Solana networks. On each network, the first transaction carried a small number of coins as a test, while the subsequent transaction carried the bulk of the returned funds.
The team and Crema's users can now rest easy knowing that the money will be there, but there is still work to be done. On Tuesday, before the deal was finalized, the team said that it had submitted new code for auditing to make sure the same issue does not occur again.
To add liquidity to a Crema pool, the attacker took out a flash loan from the Solend decentralized finance (DeFi) lending protocol. The hacker then created fake pricing information so that they appeared to be entitled to far more than they actually were. As a result, they were able to withdraw "a big fee amount" from the pool, equaling around $9.6 million, to which they later added the flash loan.
According to the team's tweet, the Crema protocol will be operational again once the audit is over. By July 8, the team will also release a compensation plan for impacted users.
Given the catastrophe that struck Harmony's Horizon Bridge last month, Crema is fortunate to have recovered as much of the money as it did. Hackers broke into Harmony's token bridge and stole $100 million in cryptocurrency, rejecting a $1 million white hat reward to return the money.