CremaFinance, a liquidity protocol built on Solana, announced it has successfully recovered most of the funds stolen as a result of a hack that occurred on Saturday. The operation was carried out in collaboration with crypto security firm TRM Labs, who Crema said it would continue working with on a permanent basis.
Crema also thanked on-chain sleuths ZachXBT and OtterSec for their involvement in the investigation. According to ZachXBT, the hacker “did a relatively poor job of covering their tracks” and was identified based on “two suspiciously timed Tornado withdrawals.”
The hacker was then approached by Crema and after “long” negotiations agreed to keep 45,455 SOL as bounty, returning the rest. In exchange, Crema said it would not pursue further investigation or involve “police and legal force.” They then returned 6,064 ETH and 23,967.9 SOL.
As hacks in DeFi become increasingly common, some crypto experts have argued that protocols’ security should rely on bug bounty programs and even hostile hack management, incentivizing hackers to exploit flaws in good faith.
Total value locked dropped 69%
The hack, which was made possible by a fake tick account, resulted in 69,422 SOL (about $2.2 million) and 6,064.44 ETH (approximately $6.5 million) getting drained. The TVL of CremaFinance then dropped 69% to $3.87 million, overnight.
The team has submitted a new code base for an external audit at SlowMist, another blockchain security firm that played a part in the investigation. For now, all operations remain suspended, but Crema said it would resume trading when the audit is completed.