Share this article
Cream Finance Exploiter Converts $1.75M in Stolen Funds to Bitcoin
The decentralized finance application has been exploited three times since it went live in 2020.
Updated May 11, 2023, 4:43 p.m. Published Sep 12, 2022, 1:01 p.m.
An attacker behind one of Cream Finance’s several exploits converted roughly $1.75 million in stolen funds on Monday, blockchain data shows. The address has now moved 607 bitcoins in stolen funds so far since the exploits.
Tracking tool MistTrack showed the attack swapped more than 1,000 ethers to 80 renBTC, a representation of bitcoin on Ethereum, in the early hours of Monday. The attacker then converted the 80 renBTC to actual bitcoin.
STORY CONTINUES BELOW
The move came weeks after the same address converted stolen funds to more than 300 renBTC over several days in July. The attackers used the Ren Gateway, a bridge, to make these moves. A bridge in blockchain technology is software that allows users to transfer tokens between different blockchains.
Cream Finance didn't immediately respond to a request for comment.
The lending service was previously hit by multiple exploits – the latest being a $130 million attack in late 2021 – which damaged its reputation in crypto circles and contributed to a 94% decline in the price of its native CREAM token. That attack was one of the first “flash loan” exploits in the crypto sector. It involved 68 different assets and cost over nine ethers in gas, or transactions fees.
Flash loans are a popular way for attackers to gain funds to conduct exploits on decentralized finance (DeFi) systems. Such loans allow traders to borrow unsecured funds from lenders using smart contracts instead of third parties.
In April, the Beanstalk stablecoin protocol was drained of $182 million in a flash loan attack, and in June, more than $1.2 million was taken from Inverse Finance. In July, Nirvana was drained of $3.5 million in a similar attack.
Cream had previously floated proposals to make those affected by the exploits whole. However, communication from the project’s developers has largely tapered off this year, with very few updates on its social-media channels.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Solana’s Drift Launches v3, With 10x Faster Trades
With v3, the team says that about 85% of market orders will fill in under half a second, and liquidity will deepen enough to bring slippage on larger trades down to around 0.02%.
What to know:
- Drift, one of the largest perpetuals trading platforms on Solana, has launched Drift v3, a major upgrade meant to make on-chain trading feel as fast and smooth as using a centralized exchange.
- The new version will deliver 10-times faster trade execution thanks to a rebuilt backend, marking the largest performance jump the project has made so far.
Top Stories
