The hacker who had struck Crema Finance Solana-based liquidity protocol on July 2 has returned most of the funds. The hacker had stolen $8.78 million in cryptocurrency. But Crema Finance allowed the attacker to keep $1.6 million as a white hat bounty.
Crema had launched a probe to identify the hacker by tracking their Discord handle and tracing the original gas source for the hacker’s address. When it seemed that the investigation team was zeroing on the hacker, Crema said it had been in negotiations with the hacker. As such, the hacker returned 6,064 Ether and 23,967 SOL worth about $8 million. The funds were returned in a series of transactions on Ethereum and Solana networks with the first transaction – with a negligible amount of coins – on each network being a test. The next round of transactions was worth the majority of the funds sent.
Now the funds are secure but Crema and the team have more work to do. On July 5, the team submitted a new code for auditing to ensure that a similar exploit did not happen again. Crema, on the July 2 exploitation, stated that the hacker took out a flash loan from the Solend DeFi lending protocol. The hacker used bogus pricing data to show that they were owed a much bigger reward than they should have. As such, the attacker made off with a huge fee amount worth $9.6 million from the pool adding the flash loan.
The Crema pool will be back up once the audit is complete. It plans to issue a compensation plan to the affected users by July 8.