The attacker responsible for the Solana-based Crema Finance hack has returned about $7.6 million of stolen funds, keeping roughly $1.6 million worth of SOL as a bug bounty reward.
Crema Finance Hacker Returns Stolen Funds
In a Thursday tweet, the Crema team disclosed that after a compromise was finally reached, the attacker transferred 6064 ETH ($7 million) plus 23967.9 SOL ($877,000) to the project’s wallet address across four transactions. However, the hacker retained 45455 SOL ($1.6 million) as a reward for his good deed.
1st ETH txn:https://t.co/CcCE9lRHep
2nd ETH txn: https://t.co/riooC7YHwI
1st SOL txn:https://t.co/wRZfOXFe03
2nd SOL txn:https://t.co/oCrdtAqxAE
— CremaFinance (@Crema_Finance) July 6, 2022
On July 3, Crema Finance announced that it had suspended services after suffering a security breach on its platform, with the attacker siphoning about $8.7 million worth of assets, including 69,422 SOL and 6.5 million USDC. Investigations later revealed that the hacker exploited a vulnerability in the protocol’s ticks accounts.
After the hack, Crema reached out to the attacker via an on-chain message, offering a bounty reward of $800,000 if they return the stolen funds. However, the hacker was able to negotiate for a higher bounty, receiving two times the initial amount.
Not the First
Crema Finance will not be the first DeFi project to suffer a security breach that led to the loss of significant amounts of assets. According to research conducted by blockchain analytics platform Chainalysis, 97% of the $1.7 billion worth of crypto assets stolen in the first three months of 2022 were taken from DeFi protocols, a 72% rise from the previous year.
In April, DeFi protocol Deus Finance was exploited with attackers stealing around $13 million in crypto. The same month, decentralized stablecoin protocol Beanstalk suffered a flashloan attack, resulting in the loss of more than $180 million. In June, DeFi protocol Inverse Finance suffered its second attack of the year, losing $1.26 million to hackers.
Meanwhile, although Solana-based lending protocol Port Finance wasn’t hacked, the project paid out a $630,000 bounty reward to a white hat hacker for preventing a potential $25 million bug on the platform.
