$9 million in cryptocurrencies stolen in flash loan attack

On Thursday, Crema developers said that the attacker behind the exploit of the Solana-based liquidity protocol had returned more than $8 million worth of tokens, keeping roughly $1.68 million as a white hat bounty.

Over the weekend, a flash loan attack on its platform caused more than $9 million worth of cryptocurrencies to be stolen from the protocol. Flash loans rely on smart contracts instead of third parties to allow traders to borrow unsecured loans.

In a tweet, the developers said that the hacker had agreed to take 45455 SOL as the white hat bounty. They have confirmed that they received 6064 ETH and 23967.9 SOL in four transactions.

The developers said that they will release a compensation plan for users who have been affected by the attacker in 48 hours.

The protocol allows liquidity providers to set specific price ranges, add single-sided liquidity, and conduct range order trading. This makes for a sophisticated and decentralized trading platform.

A fake tick account was created on Crema by the attacker. The market-making protocol, CLMM, was described as "storing price tick data in a dedicated account," by the developers, who said that it is done with a tick account. After that, the attacker used a command to write data on the fake account and bypass security measures.

A flash loan was used to manipulate the prices of assets on liquidity pools. This, in addition to the false data entries, enabled the attacker to claim "a huge fee amount out from the pool," as previously reported.