Cream Finance Flash-Loan Drain
Flash-loan price manipulation of yUSD let an attacker borrow against $1B in fake collateral and drain $130M from Cream, the protocol's third successful exploit of 2021.
- Date
- Victim: Cream Finance
- Chain(s)
- Status
- Funds Stolen
On October 27, 2021 at 13:54 UTC, an attacker drained approximately $130 million from Cream Finance v1 in one of the most complex single-transaction exploits in DeFi history — 68 different assets touched, 9+ ETH in gas, and a price manipulation that turned $1B in temporary collateral into $130M in real withdrawals.
What happened
Cream v1's lending markets accepted yUSD — a yield-bearing wrapper from Yearn Finance — as collateral. The price of yUSD in Cream's accounting came from an oracle that read the balance of crYUSD held by the attacker's lending position, scaled by the assumed exchange rate.
The attack chained several actions:
- Borrow ~$1B in stablecoins via flash loan.
- Deposit the stablecoins into Yearn to mint a massive amount of yUSD.
- Deposit the yUSD into Cream v1, which credited it as collateral worth roughly the deposited dollar value.
- Manipulate the yUSD/crYUSD exchange-rate calculation so that Cream's oracle reported a hugely inflated price for the attacker's collateral.
- Borrow against the inflated collateral, draining Cream's available liquidity across dozens of assets.
- Repay the flash loan and walk with the net difference.
The transaction touched 68 different markets and tokens because Cream supported them all — and the attacker drained whatever was available across each pool.
Aftermath
- Cream Finance paused v1 markets within hours, with help from Yearn engineers who identified the bug.
- The attacker laundered through Tornado Cash; no public recovery.
- This was Cream's third major exploit of 2021 — earlier incidents in February and August had drained smaller amounts via separate vulnerabilities. The third was effectively the end of Cream v1 as a meaningful protocol.
Why it matters
Cream v1 is the canonical case study for oracle-design failure under flash loans: any system that allows collateral whose price depends on a function of its own balance — or on a single-block exchange-rate calculation — can be manipulated in the same transaction the manipulation reads from. Modern lending protocols use time-weighted oracles, decoupled price feeds, and price caps on collateral types specifically to prevent the Cream pattern.
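The difference between a live balance-derived price and a guarded one can be shown with a small model. This is an added example, not Cream's or Yearn's code: the `Wrapper`, `SpotOracle` and `GuardedOracle` classes, the 0.1% per-block cap, the 0.75 collateral factor and all balances are constructed assumptions, and the guarded oracle is a simple stand-in for the time-weighted and capped feeds mentioned above.

```python
from dataclasses import dataclass

@dataclass
class Wrapper:
    """Toy yield-bearing wrapper (constructed): its rate depends on its own balance."""
    assets: float  # underlying tokens held
    shares: float  # wrapper tokens outstanding
    def spot_rate(self) -> float:
        return self.assets / self.shares

class SpotOracle:
    """Weak: reports the wrapper's live rate, readable mid-transaction."""
    def __init__(self, wrapper: Wrapper):
        self.wrapper = wrapper
    def price(self) -> float:
        return self.wrapper.spot_rate()

class GuardedOracle:
    """Hardened: at most one update per block, growth clamped per block."""
    def __init__(self, wrapper: Wrapper, block: int, cap: float = 0.001):
        self.wrapper, self.block, self.cap = wrapper, block, cap
        self.rate = wrapper.spot_rate()

    def poke(self, block: int) -> None:
        if block <= self.block:  # same-block observations are ignored
            return
        ceiling = self.rate * (1 + self.cap) ** (block - self.block)
        self.rate = min(self.wrapper.spot_rate(), ceiling)
        self.block = block
    def price(self) -> float:
        return self.rate  # stored value, never the live rate

def borrow_limit(oracle, shares_posted: float, factor: float = 0.75) -> float:
    return shares_posted * oracle.price() * factor

def simulate():
    w = Wrapper(assets=1_000_000.0, shares=1_000_000.0)  # rate 1.0
    spot, guarded = SpotOracle(w), GuardedOracle(w, block=100)
    posted = 500_000.0
    before = (borrow_limit(spot, posted), borrow_limit(guarded, posted))
    w.assets *= 2          # balance moves inside block 100: live rate is 2.0
    guarded.poke(100)      # same block, so the stored rate does not move
    same_block = (borrow_limit(spot, posted), borrow_limit(guarded, posted))
    guarded.poke(101)      # next block: stored rate may rise by 0.1% at most
    next_block = borrow_limit(guarded, posted)
    return before, same_block, next_block

if __name__ == "__main__":
    print(simulate())
```

With the spot oracle the borrow limit doubles inside the block in which the balance changed; with the guarded oracle it is unchanged in that block and rises by at most the cap in the next one.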
Sources & on-chain evidence
- [01] halborn.com: https://www.halborn.com/blog/post/explained-the-cream-finance-hack-october-2021
- [02] coindesk.com: https://www.coindesk.com/business/2021/10/27/cream-finance-exploited-in-flash-loan-attack-worth-over-100m
- [03] therecord.media: https://therecord.media/hackers-steal-130-million-from-cream-finance-the-companys-3rd-hack-this-year