Cream Finance exploiter moves nearly $500k Cream Finance exploiter moves nearly $500k

Cream Finance exploiter moves nearly $500k

CertiK said that $11M remains in an exploit address following a $496,000 transfer.

Cream Finance exploiter moves nearly $500k

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

The exploiter behind a past attack on Cream Finance has transferred nearly half a million in funds, security firm CertiK said on June 26.

Exploiter moved $496,000 of ETH

CertiK reported that the exploiter sent approximately 268 ETH ($496,000) to a separate Ethereum address. The transfer took place on June 26 at 5:33 p.m. UTC.

The transacted funds represent just a small portion of the exploiting address’ overall balance. CertiK said that the exploiting address still holds 2,700 ETH ($5.1 million) and more than $6 million in other Ethereum-based tokens.

Etherscan records identify the sending address as “Cream Finance Flash Loan Exploiter 3,” which received funds after the DeFi platform was hacked in October 2021. At that time, the exploiter managed to steal $130 million of cryptocurrency.

Though the sending address is explicitly linked to the exploit, neither Etherscan nor CertiK labeled the receiving address as belonging to the exploiter. The receiving address has nevertheless received other deposits from Cream Finance.

Unclear whether attacker is cashing out

It is also unclear whether the transaction represents an attempt to cash out funds through an exchange, as the receiving address has not transacted since receiving the funds.

The exploiter has also moved funds at other points โ€” most notably in January 2023, when they transferred $3.3 million over a matter of weeks. The reporter moved those funds through a centralized cryptocurrency exchange.


Mentioned in this article
Posted In: Hacks