Cream Finance has identified the AMP integration error that caused a nearly $19 million loss for the protocol and aims to pay users back.
Decentralized finance (DeFi) protocol Cream Finance will pay back its users following a $18.8 million flash loan hack that occurred on Aug. 30.
Cream has published a post-mortem to the AMP flash loan exploit, promising to replace the stolen Ether (ETH) and Amp (AMP) tokens by allocating 20% of all protocol fees until the debt is paid entirely. Cream will also post collateral with relevant parties at AMP and its creators, Flexa digital payments network, to secure the debt.
According to the post-mortem report, the latest flash loan exploit was the first time Cream Finance has suffered a direct exploit, losing 462 million AMP tokens and 2,800 ETH. With assistance from blockchain security firm PeckShield, Cream found that the exploit was caused by an error in the way the protocol integrated AMP. “While unfortunate and disappointing, we take ownership of the error,” Cream noted.
Alongside a main exploit, Cream has also discovered a smaller copy-cat attack from an address with transaction history on Binance crypto exchange. The crypto trading platform is now cooperating with Cream to identify the second perpetrator.
Cream said that it will be working with authorities to trace the attacker and work with law enforcement authorities to prosecute “to the fullest extent of the law.” The hacked protocol will also grant a 10% bug bounty to the exploiter if they decide to send back the stolen funds. “If anyone is able to identify and provide information leading to the arrest and prosecution of the exploiter, we will share 50% of all funds returned,” Cream added.
Related: Poly Network offers to on board ‘Mr. White Hat’ as chief security advisor
As previously reported, Cream halted supply and borrow contracts on AMP on Aug. 30 to stop the exploit that allowed the attacker to gain access to nearly $19 million in AMP and ETH through reborrowing assets in just 17 separate transactions. Prices of both Cream’s native token, CREAM, and AMP subsequently dropped, with AMP plummeting nearly 13%.
The affected tokens continued declining in price following the attack. At the time of writing, CREAM is trading at $159, down 11% over the past seven days, according to CoinGecko. AMP token is down nearly 15% over the same period, trading at $0.052525.