Crema Finance Attacker Returns Almost $8M, Keeps $1.7M Bounty
The protocol had more than $9 million worth of cryptocurrencies stolen from its platform over the weekend in a flash loan attack.

The attacker behind the exploit of Solana-based liquidity protocol Crema Finance returned more than $8 million worth of tokens, keeping roughly $1.68 million as a "white hat" bounty, Crema developers said Thursday.
The protocol had more than $9 million worth of cryptocurrencies stolen from its platform over the weekend in a flash loan attack. Flash loans let traders take out unsecured loans from lenders by relying on smart contracts instead of third parties.
“The hacker agreed to take 45455 SOL as the white hat bounty,” the developers said in a tweet. “Now we have confirmed the receipt of 6064 ETH + 23967.9 SOL in the four transactions.”
The developers said a compensation plan will be released in 48 hours for users affected by the attack.
The protocol allows liquidity providers to set specific price ranges, add single-sided liquidity and conduct range order trading. This makes for a sophisticated and decentralized trading platform.
The exploit involved the attacker creating a fake tick account on Crema. A tick account is “a dedicated account that stores price tick data in CLMM,” the developers said, referring to Crema's market-making protocol. After that, the attacker exploited a command by writing the data on the fake account and circumventing security measures.
A flash loan was then used to manipulate the prices of assets on liquidity pools. This, along with the false data entries, allowed the attacker to claim “a huge fee amount out from the pool,” as previously reported.