Solana-based Crema Finance, a decentralized finance protocol, suffered a hack on July 2 and supposedly lost about $8.7M!

Attention! Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP.— CremaFinance

“The incident has made the DeFi protocol suspend its services temporarily.”

Crema Finance Hack
For starters, Crema Finance is a platform that allows its users to swap, earn and build with its programmable liquidity network.

The alleged hacker spotted a vulnerability in the platform and used it to obtain and store the money in Ethereum via the wormhole protocol.

In detail, the hacker created a fake tick account and circumvent Crema Finance’s checks. A tick account is dedicated to storing price tick data in the concentrated liquidity market maker (CLMM) algorithm.

The hacker then deployed a smart contract to lend a flash loan from Solend to provide liquidity on Crema Finance. Afterward, thanks to the faked tick account, the attacker was able to change the pool’s transaction fee and made off with a massive fee.

“Crema Finance has contacted the hacker, offering him 800k to return the funds!”