Share this article
Solana DeFi Protocol Crema Loses $8.8M in Exploit
Crema Finance developers said they are coordinating with “relevant organizations” to gather more information.
Updated Apr 9, 2024, 11:29 p.m. Published Jul 4, 2022, 8:23 a.m.
Solana-based liquidity protocol Crema Finance had more than $8.78 million worth of cryptocurrencies stolen from its platform in an attack over the weekend, developers said in a tweet.
Crema said it had suspended its smart contract after the exploit. The protocol allows liquidity providers to set specific price ranges, add single-sided liquidity and conduct range order trading. This makes for a sophisticated and decentralized trading platform.
STORY CONTINUES BELOW
“We've been closely working with several experienced security institutes and relevant organizations to track the hacker's fund movements,” the developers said in a tweet.
Value locked on Crema plunged to $3 million on Monday from over $12 million on Saturday following the exploit, data shows. Crema has seen trading volumes of $1.34 billion since its inception in January.
The attacker started by creating a fake tick account. A tick account is "a dedicated account that stores price tick data in CLMM,” the developers said, referring to Crema's market making protocol. After that, the attacker exploited a command by writing the data on the fake account and circumventing security measures.
4) After creating the fake tick account, the hacker circumvented our routined owner check on the tick account by writing the initialized tick address of the pool into the fake account. Txid: https://t.co/X0IneBg9ut
— CremaFinance (@Crema_Finance) July 3, 2022
The attacker then used a flash loan to manipulate the prices of assets on liquidity pools. This, along with the false data entries, allowed the attacker to claim “a huge fee amount out from the pool.”
Flash loans allow traders to borrow unsecured loans from lenders by relying on smart contracts instead of third parties.
The stolen funds were swapped to 69422.9 solana (SOL) and 6,497,738 USD coin (USDC). The Solana-based USDC was then bridged to the Ethereum network via Wormhole and swapped to 6,064 ether (ETH). These funds amount to over $8.5 million at current prices.
The attacker’s Ethereum address, 0x8021b2962dB803b73Aa874030B0B42c202E8458F as flagged by blockchain scanning tool Etherscan, had not moved the stolen funds or converted to other coins at writing time, the data show.
Plus pour vous
Ce qu'il:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
Plus pour vous
Stripe-Backed Blockchain Tempo Starts Testnet; Kalshi, Mastercard, UBS Added as Partners
Tempo, built by Stripe and Paradigm, has started testing payment-focused blockchain and has onboard a slew of institutional partners.
Ce qu'il:
- Stripe and Paradigm’s Tempo blockchain has launched its public testnet for real-world payment testing.
- Kalshi, Klarna, Mastercard and UBS are among a wave of new institutional partners now involved in the project.
- Tempo aims to offer low-cost, fast-settlement infrastructure for global payments as stablecoin adoption is accelerating globally.
Top Stories
