As a “white hat bounty,” the Crema Finance team gave the hacker who stole almost $10 million from the protocol 16.7 percent of the stolen money.
The hacker who exploited the Solana-based liquidity protocol Crema Finance on July 2 was allowed to keep $1.6 million as a white hat bounty.
The reward, 45,455 Solana (SOL), amounts to a hefty 16.7 percent of the initial $9.6 million Crema loss, which led the protocol to cease services.
Crema’s team started looking for the hacker by tracking their Discord handle and tracing the initial gas source for the hacker’s address. Just as it appeared that the team had uncovered the hacker’s identity, it announced that it had been negotiating with the hacker. The hacker returned 6,064 Ether (ETH) and 23,967 SOL worth around $8 million on July 6.
The hacker returned the funds in a sequence of transactions on the Ethereum and Solana networks. The initial transaction on each network was a test with a small number of coins, while the subsequent transaction carried the majority of the funds sent.
Crema users and the team can breathe easier now that the funds have been secured, but there is still work to be done. Before the agreement was reached, the team declared on July 5 that it had submitted new code for auditing to ensure that the same issue did not occur again.
Although the community is still waiting for an official post-mortem on the attack, the Crema team detailed what happened in a July 3 Twitter thread. The attacker obtained a flash loan through the Solend decentralized finance (DeFi) lending protocol, which was then used to fund a Crema pool.
The hacker then falsified price data so that they appeared to be owed a far larger reward than they actually were. This enabled them to withdraw “a significant fee amount” of approximately $9.6 million from the pool to which they had added the flash loan.
According to the team’s tweet, the Crema protocol will be operational after the audit is completed. By July 8, the team will also release a compensation plan for affected users.
Crema is fortunate to have recovered as much money as it did, given the disaster that struck the Horizon Bridge on Harmony last month. A hacker stole $100 million in cryptocurrency from Harmony’s token bridge and turned down a $1 million white hat reward offered for restoring the assets.