Cream Finance - REKT 2
Date: October 28, 2021
Summary
Cream Finance suffered its second major hack, losing approximately $130 million. The incident is framed as part of a broader pattern of security failures within the Yearn Finance ecosystem.
What Happened
Cream Finance, a lending protocol associated with Yearn Finance, was exploited through a price oracle vulnerability. The attacker manipulated collateral valuations to drain lending vaults of $130 million in various assets.
Technical Root Cause
The core vulnerability existed in Cream's internal PriceOracleProxy for yUSDVault tokens. The token price depends on pricePerShare, calculated as the vault's yUSD balance divided by totalSupply. This mechanism proved susceptible to manipulation through strategic redemptions and deposits.
Attack Vector
The exploit involved a sophisticated multi-step process:
1. Flash Loan Setup: Address A borrowed 500M DAI from MakerDAO, converting it to yDAI via Curve's yPool, then minting yUSD through Yearn's strategy
2. Collateral Creation: yUSDVault tokens (from Yearn) were deposited as collateral on Cream to mint ~$500M crYUSD
3. Parallel Attack: Address B took a $2B ETH flash loan from AAVE, using it as collateral to borrow additional yUSD
4. Recursive Looping: The two addresses performed repeated deposit/borrow cycles, with B transferring ~$500M yUSDVault tokens to A, accumulating ~$1.5B crYUSD
5. Price Manipulation: The attacker redeemed ~$500M yUSDVault for underlying yUSD, reducing vault totalSupply to just $8M, then deposited ~$8M yUSD. This approximately doubled yUSDVault share valuations in Cream's calculation
6. Drainage: With $3B in apparent collateral, the attacker withdrew $2B ETH to repay B's loan, used ~$500M yUSD to repay A's DAI loan, leaving $1B to drain Cream's $130M in available lending assets
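The ratio arithmetic behind the root cause and step 5, as an added example (not Cream's or Yearn's code). The Vault class, checked_price guard, 10% band and 508M starting supply are hypothetical, and the model assumes the ~8M yUSD reaches the vault balance without new shares being minted, since a share-minting deposit would leave the ratio unchanged.

```python
from fractions import Fraction

class Vault:
    """Toy share vault: price per share = underlying balance / share supply."""
    def __init__(self, balance, total_supply):
        self.balance = Fraction(balance)            # underlying yUSD held
        self.total_supply = Fraction(total_supply)  # vault shares outstanding

    def price_per_share(self):
        return self.balance / self.total_supply

    def redeem(self, shares):
        # Burn shares for a proportional payout: the ratio is unchanged.
        self.balance -= shares * self.price_per_share()
        self.total_supply -= shares

    def receive_underlying(self, amount):
        # Assumption: underlying reaches the balance and no shares are minted.
        self.balance += amount

class PriceJump(Exception):
    pass

def checked_price(vault, last_accepted, max_move=Fraction(1, 10)):
    """Hypothetical guard: refuse a spot price far from the last accepted one."""
    spot = vault.price_per_share()
    if abs(spot - last_accepted) > max_move * last_accepted:
        raise PriceJump(f"pricePerShare moved {last_accepted} -> {spot}")
    return spot

def replay():
    """Step 5 in millions; 508 is constructed so that 8 remain after redeeming."""
    vault = Vault(508, 508)
    before = vault.price_per_share()
    vault.redeem(500)
    after_redeem = vault.price_per_share()
    vault.receive_underlying(8)
    spot = vault.price_per_share()
    # ~1,500M crYUSD position from the page, revalued at the spot ratio.
    apparent_collateral = 1500 * spot / before
    try:
        checked_price(vault, before)
        blocked = False
    except PriceJump:
        blocked = True
    return before, after_redeem, spot, apparent_collateral, blocked

if __name__ == "__main__":
    print(replay())
```

The redemption alone leaves pricePerShare at 1; it only shrinks the denominator so that a comparatively small balance change doubles the ratio, which a lender reading the spot value then applies to the whole collateral position.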
Stolen Assets
• Over 2,760 ETH
• 76 BTC across renBTC, WBTC, and HBTC variants
• Tens of millions in stablecoins and other tokens
Exploiter Wallets:
• Address A: 0x961d2b694d9097f35cfffa363ef98823928a330d
• Address B: 0x24354d31bc9d90f62fe5f2454709c32049cf866b
Fund Laundering
The attacker:
• Received Tornado Cash funding ~30 minutes before the attack
• Transferred stolen funds back to the funded wallet
• Used renBridge to convert assets to BTC
• Added over $40M CRETH2 as single-sided liquidity to Uniswap's ETH-CRETH2 pool
Response & Recovery Attempts
Cream Finance's deployer offered "a 10% bounty" to the attacker via on-chain message, appealing for fund recovery.
Contextual Analysis
The article emphasizes that this is the second major Cream hack and positions it within a pattern of security failures across Yearn's ecosystem acquisitions. The mysterious message embedded in the exploit transaction data referenced other protocols ("Baave lucky, iron bank lucky, cream not") and included commentary on competitive dynamics in DeFi, suggesting possible rivalries between development teams rather than a purely financial attack.