The hacker did not give the reasons that made him return the stolen items. Various aspects of his decision remain unknown. But he is not the first to decide to act ethically after perpetrating an attack.

The cyberattack that occurred to the decentralized finance protocol (DeFi) Cream Finance last month just took a new turn. The hacker opted for returning a considerable part of the stolen funds.

Cream Finance, a DeFi platform based on Binance Smart Chain (BSC) that focuses on loans, fell victim to an attack on August 30 that caused losses of at least USD 20 million.

The project team reported via Twitter that the hacker had taken advantage of a reentry bug that allowed him to steal 462,079,976 of AMP tokens and 2,804.96 of Ethereum (ETH). In total, the hacker managed to hijack a fortune of at least USD 34 million.

Now the platform seems to be running under good conditions. As Blockchain security firm PeckShield reported Wednesday, Cream Finance’s multi-signature wallet received 5,152.6 ETH from the hacker’s address. The sum might surpass USD 18 million at the time of publishing.

The Cream Finance team has not made any official statement about the situation. The team also had not previously reported whether it contacted the hacker or if the hacker came forward with the sole intention of returning the funds.

The transaction does not include any attached message, and in any case, it is unknown why the attacker decided to send the money back to the entity.

Cream Finance Received a Considerable Part of the Stolen Funds

Cream Finance is a protocol that gets inspiration from the well-known Ethereum-based lending platform DeFi, Compound. This protocol allows users to lend and borrow against a better range of assets than Compound.

The platform recently supported various popular NFT tokens, including Axie Infinity, Yield Guild, and Rarible.

The project has faced many security problems this year. Before being hacked in August, Cream Finance had already lost nearly $ 37.5 million in a flash loan attack six months earlier.

According to data from Etherscan, the Ethereum address believed to be controlled by the anonymous individual had no funds. The wallet moved a total of 606 remaining ETH a few hours ago, worth just over $ 2 million at current prices.

According to the data, just before sending the funds to another address, the attacker interacted with TornadoCash, a popular cryptocurrency mixer that can preserve the privacy of transactions.

Good Hackers Come to the Rescue

This situation is not the first time a hacker has regretted it after attacking a cryptocurrency platform. A few weeks ago, a similar story of a hacker that seemed to act ethically appeared in the news.

The anonymous attacker contacted the DeFi Poly Network protocol team after hacking it.  The hacker spoke with the entity after taking an incredible $ 600 million fortune. However, he let the entity know that he was not interested in money.

As the hacker expressed in a series of messages attached to cryptographic transactions, he just wanted to let the entity that there was an error in his contract.

By: Jenson Nuñez


Please enter your comment!
Please enter your name here