
The hacker returned stolen funds to Crema Finance, a part was kept for himself as a bug bounty

Crema Finance ceased its liquidity services after an unfortunate vulnerability in its code was exploited.

The hacker who stole $8.8 million from Solana-based liquidity protocol Crema Finance returned a significant part of the funds to the owners after lengthy negotiations. The criminal kept 45,455 SOL (~$1.68 million) as a “bounty”, even though the team had offered him $800,000. At the moment, the Crema Finance team has confirmed the receipt of 6064 ETH + 23967.9 SOL in four transactions; the first was a test transaction with a small amount of cryptocurrency.

Crema Finance did not provide further details, but these deals typically involve the hacker returning most of the funds in exchange for keeping a portion, with the platform agreeing not to investigate the hacker’s identity or pursue legal action. The successful deal is a happy ending for Crema, as the hacker could have rejected it, just as happened in the recent case of Harmony’s Horizon Bridge.

Now that the funds have finally been returned, Crema users feel much relieved. In the meantime, the team is committed to making sure that an exploit like this won’t happen again. According to the company statement made before the deal, new code has already been written and is now going through the auditing process. Still, there is a lot of work ahead.

Even though a detailed post-mortem on the attack hasn’t been published yet, the crypto community knows how the events unfolded. On Sunday, the company posted a tweet with a bare outline of the incident. The cybercriminal took out a flash loan from Solend, a DeFi protocol on the Solana blockchain. Once the borrowed funds were deposited into a Crema pool, the attacker fabricated pricing details, which eventually allowed him to claim an astronomical fee.

The Crema protocol will be alive and kicking as soon as the audit is over. As for the affected users, they will be compensated for their losses.