
Cream Finance Hack: $130 Million Stolen In A Reentrancy Attack
A reentrancy vulnerability introduced when integrating the AMP token allowed an attacker to repeatedly borrow against the same collateral on Cream Finance — twice in the same year.
On August 30, 2021, Cream Finance — a decentralized lending protocol — was exploited for over $29 million worth of ETH and AMP tokens. It was the second major attack on the protocol that year, following a $37 million loss in February. And it was made possible by a single integration error.
What Is Cream Finance?
Cream Finance allows users to lend supported assets and borrow against them as collateral. Like many DeFi lending protocols, it also offers flash loans — zero-collateral borrowing that must be repaid within the same transaction or automatically reversed.
How the Attack Happened
The vulnerability was not in Cream's core contracts, nor in the AMP token contract itself. It was in how the two were integrated. AMP is an ERC-777 token, which means its transfer function includes a callback hook — a mechanism that allows external contracts to be notified and execute code during a token transfer.
The attacker exploited this hook to create a reentrancy condition. Here is what the sequence looked like: the attacker borrowed ETH from Uniswap via flash loan, staked it as collateral on Cream to receive crETH, and then borrowed AMP against that collateral. While the AMP borrow was still being processed — specifically during the token transfer callback — the attacker re-entered Cream's ETH borrowing function. Because Cream records loan amounts only after the transfer completes, the contract didn't yet know about the first borrow when the second one was initiated. The attacker was effectively borrowing twice against the same collateral.
This is a textbook reentrancy attack, made possible by the combination of AMP's ERC-777 callback mechanism and Cream's failure to account for it during integration.
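As an added illustration (not Cream's code and not Solidity), here is a small Python model of the ordering defect the paragraphs above describe: the vulnerable pool records the debt only after the token transfer whose hook hands control to the borrower, while the hardened pool applies checks-effects-interactions so a nested borrow sees the updated debt and fails. The class and method names, the collateral factor and the amounts are assumptions.

```python
# Added model (not Cream's code, not Solidity) of the defect above; names are hypothetical.
class HookToken:
    """ERC-777 style token: the recipient's hook runs in the middle of transfer."""
    def __init__(self):
        self.balances = {}
    def transfer(self, sender, recipient, amount):
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        if hook := getattr(recipient, "tokens_received", None):
            hook(sender, amount)  # control leaves the pool before it records the debt

class VulnerablePool:
    """Records the borrow only after the transfer (and its hook) completes."""
    def __init__(self, collateral_factor=0.75):
        self.collateral, self.debt, self.factor = {}, {}, collateral_factor
    def deposit(self, who, amount):
        self.collateral[who] = self.collateral.get(who, 0) + amount
    def _require_solvent(self, who, amount):
        if self.debt.get(who, 0) + amount > self.collateral.get(who, 0) * self.factor:
            raise ValueError("insufficient collateral")  # models a revert
    def borrow(self, who, amount, token):
        self._require_solvent(who, amount)               # check against stale debt
        token.transfer(self, who, amount)                # interaction: hook fires here
        self.debt[who] = self.debt.get(who, 0) + amount  # effect recorded too late

class HardenedPool(VulnerablePool):
    """Checks-effects-interactions: debt is recorded before the external call."""
    def borrow(self, who, amount, token):
        self._require_solvent(who, amount)
        self.debt[who] = self.debt.get(who, 0) + amount  # effect first
        token.transfer(self, who, amount)                # interaction last

class ReenteringBorrower:
    """Constructed borrower whose receive hook calls borrow() one more time."""
    def __init__(self, pool, token, amount):
        self.pool, self.token, self.amount, self.reentered = pool, token, amount, False
    def tokens_received(self, sender, amount):
        if not self.reentered:
            self.reentered = True
            self.pool.borrow(self, self.amount, self.token)

def simulate(pool_cls):
    """Deposit 100 (max debt 75), then borrow 60 through a re-entering hook."""
    pool, token = pool_cls(), HookToken()
    borrower = ReenteringBorrower(pool, token, 60)
    pool.deposit(borrower, 100)
    try:
        pool.borrow(borrower, 60, token)
    except ValueError:  # one failed check aborts the whole call, like a revert
        return "reverted"
    return pool.debt[borrower], token.balances[borrower]
```

Against the vulnerable pool both solvency checks pass on stale debt and the borrower walks away with 120 tokens on 75 of borrowing capacity; against the hardened pool the nested call fails its check and the whole borrow is aborted.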
The attacker executed this sequence multiple times, draining approximately 2,800 ETH and 462 million AMP tokens — worth over $29 million at the time.
Almost Everything Was Returned
In a pattern that has become increasingly common in DeFi, the attacker returned nearly 90% of the stolen funds within a week. About 5,152 ETH, worth roughly $17.6 million at the time, was transferred back to Cream Finance's multi-signature wallet.
This kind of post-exploit return raises a recurring question: why steal only to give it back? The most practical explanation is that on-chain fund movements are permanently visible. The risk of attempting to spend or launder large stolen amounts — particularly when the exploit is being actively investigated — often outweighs the benefit of keeping the funds. Returning the money, paradoxically, becomes the safer option.
What This Tells Us
Cream Finance was exploited twice in the same year through different vectors. The second attack illustrates a risk that still catches protocols off guard: the interaction between standard lending logic and non-standard token implementations. When integrating tokens that implement callback hooks or deviate from the ERC-20 standard, every state mutation must be accounted for before any external call is made. In this case, it wasn't — and the cost was tens of millions of dollars.