Cream Finance exploiter moves nearly $500k
CertiK said that $11M remains in an exploit address following a $496,000 transfer.
The exploiter behind a past attack on Cream Finance has transferred nearly half a million in funds, security firm CertiK said on June 26.
Exploiter moved $496,000 of ETH
CertiK reported that the exploiter sent approximately 268 ETH ($496,000) to a separate Ethereum address. The transfer took place on June 26 at 5:33 p.m. UTC.
The transacted funds represent just a small portion of the exploiting address’ overall balance. CertiK said that the exploiting address still holds 2,700 ETH ($5.1 million) and more than $6 million in other Ethereum-based tokens.
Etherscan records identify the sending address as “Cream Finance Flash Loan Exploiter 3,” which received funds after the DeFi platform was hacked in October 2021. At that time, the exploiter managed to steal $130 million of cryptocurrency.
Though the sending address is explicitly linked to the exploit, neither Etherscan nor CertiK labeled the receiving address as belonging to the exploiter. The receiving address has nevertheless received other deposits from Cream Finance.
Unclear whether attacker is cashing out
It is also unclear whether the transaction represents an attempt to cash out funds through an exchange, as the receiving address has not transacted since receiving the funds.
The exploiter has also moved funds at other points — most notably in January 2023, when they transferred $3.3 million over a matter of weeks. The reporter moved those funds through a centralized cryptocurrency exchange.