- The hacker of the Crema protocol has agreed to hand back the stolen funds in return for a white hat bounty
- The hacker manipulated the flash loan mechanism to obtain $8.8 million worth of SOL and USDC
- After “long negotiation”, the hacker agreed to return the funds in exchange for a $1.6 million bounty
The hacker of Solana DeFi protocol Crema, which led to $8.8 million worth of SOL and USDC being stolen from the platform, has agreed to return the funds in exchange for a $1.6 million white hack bonus. The hacker, who used a flash loan and false data entries to claim “a huge fee amount” from the liquidity pool, seems to have made the right decision after it was revealed that his initial attempts to cash out were bungled and could have led to his identity being revealed. Crema will now work on redistributing the funds back to the users from whom the money was stolen.
Crema Attack Saw $8.8 Million in SOL and USDC Stolen
The Crema attack was announced by the protocol on July 3rd, with investigations revealing that the hacker created a fake ‘tick’ account, which is an account dedicated to storing price tick data in the Crema CLMM (contentraded liquidity market maker).
The hacker then managed to fake liquidity data, earning themselves a massive payday – 69,422.9 SOL, worth around $2.3 million, and 6.5 million USDC. This USDC was then bridged to Ethereum and swapped to 6,064 ETH via Uniswap.
However, according to famed Twitter crypto sleuth ZachXBT (@zachXBT), the hacker did a “relatively poor job of covering their tracks”, with withdrawals via Ethereum mixer Tornado cash leading back to an address funded from a Gemini wallet – a wallet which will require KYC.
A smart decision here by the hacker to negotiate a bounty & return funds (18.5% of $8.8m). Interestingly enough they did a relatively poor job of covering their tracks.
— ZachXBT (@zachxbt) July 6, 2022
“Long Negotiation” Leads to Funds Returned…at a Price
It is unknown whether this factor was behind the hacker deciding to engage with Crema, but the platform offered a white hack bounty in return for the stolen funds, which came from user accounts, with the hacker eventually agreeing to 23,968 SOL ($1.6 million) following what Crema called “long negotiation”.
The SOL and ETH has been returned to the platform, and Crema has said it will now begin the arduous process of working out how much it owes to whom. A compensation plan is set to be released by the end of the week, but users will just be relieved that their funds are safe at all.