Audit log

Every state-changing event for Cream Finance v2: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-30 13:04:27Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 423,162,047

   sig

   2hxjf3BXzK3G…FkSBskYncopyexplorer ↗

   hash

   8CJpaNavBwEt…2Fc2n45Ncopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (25827 B) ▸

   {"actor":"system:backfill","investigation_id":"89a90aa0-5d70-4f30-8900-b8a380113a46","kind":"publish","page_slug":"cream-finance-v2","published_at":"2026-05-30T13:04:27.001Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Cream Finance v2","sections":[{"content":"C.R.E.A.M. Finance (Crypto Rules Everything Around Me) is a decentralized finance lending and borrowing protocol that launched on Ethereum mainnet on August 3, 2020 with a mining pool called YOLO Alpha. The protocol was co-founded by Leo Cheng and Jeffrey Huang. Cheng previously worked at Apple, American Express, and Belkin and co-founded blockchain consultancy Blockstate. Huang is known as the creator of Machi 17, a Taiwanese social media platform. Cream Finance is a fork of Compound Finance's codebase, with added support for a wider variety of collateral assets including LP tokens and yield-bearing vault shares. In November 2020, Cream deepened an integration with Yearn Finance that resulted in the jointly developed Iron Bank — a protocol-to-protocol uncollateralized lending facility allowing whitelisted DeFi protocols to borrow without posting overcollateral. This integration created systemic dependencies that later contributed directly to the October 2021 exploit.","heading":"Protocol Overview","severity":"medium","sources":[{"credibility":2,"name":"Coinbureau: Cream Finance Review","type":"research","url":"https://coinbureau.com/review/cream-finance"},{"credibility":1,"name":"Introducing The Iron Bank — Part II: The Road to Cream v2","type":"official","url":"https://creamdotfinance.medium.com/introducing-the-iron-bank-bab9417c9a"},{"credibility":2,"name":"Jeffrey Huang — Founder @ Cream Finance (Crunchbase)","type":"other","url":"https://www.crunchbase.com/person/jeffrey-huang"}]},{"content":"On February 13, 2021, Cream Finance's Iron Bank was targeted alongside Alpha Finance's Alpha Homora v2 protocol in a coordinated flash loan exploit resulting in approximately $37.5 million in losses. The attacker exploited the uncollateralized protocol-to-protocol lending relationship between Alpha Homora v2 and Cream's Iron Bank. By manipulating Alpha Homora's 'spell' smart contracts — which governed how the protocol interacted with Iron Bank — the attacker was able to execute more than nine transactions, repeatedly cycling borrowed assets to accumulate unsustainable debt. Individual user funds were not directly drained in this incident; the losses represented protocol-level insolvency within the Alpha Homora–Cream Iron Bank credit relationship. The teams announced they were working jointly to address the resulting bad debt. The CREAM token dropped approximately 30% in the hour following public disclosure of the hack.","heading":"First Incident: February 2021 — Iron Bank / Alpha Homora Exploit ($37.5M)","severity":"high","sources":[{"credibility":1,"name":"CoinDesk: DeFi Protocols Cream Finance, Alpha Exploited in Flash Loan Attack; $37.5M Lost","type":"news_article","url":"https://www.coindesk.com/markets/2021/02/13/defi-protocols-cream-finance-alpha-exploited-in-flash-loan-attack-375m-lost"},{"credibility":2,"name":"CoinTelegraph: Alpha Homora loses $37 million following Iron Bank exploit","type":"news_article","url":"https://cointelegraph.com/news/alpha-homora-loses-37-million-following-iron-bank-exploit"},{"credibility":2,"name":"The Defiant: CREAM and Alpha Finance Get Hacked for $37.5M","type":"news_article","url":"https://thedefiant.io/cream-and-alpha-finance-get-hacked-for-37-5m"}]},{"content":"On August 30–31, 2021, Cream Finance was exploited for 462,079,976 AMP tokens and 2,804.96 ETH — an amount reported variously between $18.8 million and $29 million depending on token prices at time of reporting. The vulnerability stemmed from how Cream Finance integrated the AMP token, which implements an ERC-777-like token standard. AMP's contract includes a _callPostTransferHooks mechanism that calls a tokensReceived() hook on the recipient during token transfers. Cream's borrow() function did not include a reentrancy guard compatible with this hook. As a result, the attacker was able to nest a second borrow() call inside the token transfer before the first borrow's state update completed, enabling the extraction of more collateral value than was deposited. The attacker executed the exploit in multiple loops across 17 transactions, each time supplying ETH, borrowing AMP, triggering the reentrancy to re-borrow ETH against the same collateral, and self-liquidating. Trail of Bits had audited Cream Finance in January 2021 prior to this event; their audit focused on oracle manipulation and borrowing cap issues, but did not flag the ERC-777 reentrancy risk that materialized in August. Following this hack, Cream pledged to allocate 20% of all protocol fees toward repayment of the stolen ETH and AMP.","heading":"Second Incident: August 2021 — AMP Token Reentrancy Exploit ($18.8M–$29M)","severity":"critical","sources":[{"credibility":1,"name":"C.R.E.A.M. Finance Post Mortem: AMP Exploit (official)","type":"official","url":"https://medium.com/cream-finance/c-r-e-a-m-finance-post-mortem-amp-exploit-6ceb20a630c5"},{"credibility":2,"name":"Halborn: Explained — The CREAM Finance Hack (August 2021)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-august-2021"},{"credibility":2,"name":"Inspex: Reentrancy Attack on Cream Finance — Incident Analysis","type":"research","url":"https://inspexco.medium.com/reentrancy-attack-on-cream-finance-incident-analysis-1c629686b6f5"},{"credibility":1,"name":"CoinDesk: DeFi Protocol Cream Finance Hacked for Second Time This Year","type":"news_article","url":"https://www.coindesk.com/business/2021/08/30/defi-protocol-cream-finance-hacked"},{"credibility":1,"name":"Trail of Bits Audit of C.R.E.A.M. v1, v2 Iron Bank (January 2021)","type":"official","url":"https://medium.com/cream-finance/trailofbits-audit-202101-en-291bdb904d32"}]},{"content":"On October 27, 2021 at approximately 13:54 UTC, a sophisticated attacker drained approximately $130 million from Cream Finance's Ethereum v1 lending markets. The exploit combined two interacting vulnerabilities: a manipulatable hybrid price oracle and an uncapped yUSD token supply that allowed fictitious collateral amplification. The attack unfolded across a 16-step sequence. The attacker flash minted $500 million in DAI from MakerDAO and converted it through Yearn's Curve 4-Pool into yUSD vault tokens, which were deposited into Cream as collateral to mint crYUSD. In parallel, a second address flash loaned 500,000 ETH from Aave v2. The crYUSD tokens were repeatedly transferred between the two attacker-controlled addresses to accumulate approximately $1.5 billion in apparent crYUSD collateral while only committing the original asset amount. The critical oracle manipulation step involved transferring approximately $10 million of Yearn 4-Curve LP tokens directly to the yUSD vault contract — bypassing the vault's accounting functions — which caused the vault's pricePerShare to approximately double, since the ERC-20 balanceOf call reports the yUSD vault as owning more LP tokens than the vault's internal accounting recorded. Cream's PriceOracleProxy calculated yUSD collateral value using this inflated pricePerShare, causing the protocol to believe the attacker's $1.5 billion in crYUSD was worth approximately $3 billion. The attacker then borrowed all remaining available liquidity — approximately $130 million across 68 different token markets — repaid the flash loans, and exited with the net profit. The transaction cost over 9 ETH in gas fees. Yearn Finance subsequently recovered $9.42 million that the attacker had transferred to the yUSD vault during the manipulation step and remitted those funds to the Cream multisig. Cream fixed the vulnerability within approximately six hours by halting all Ethereum v1 market interactions and locking crToken transfers. The on-chain attack transaction hash is 0x0fe2542079644e107cbf13690eb9c2c65963ccb79089ff96bfaf8dced2331c92.","heading":"Third and Largest Incident: October 2021 — Flash Loan Oracle Manipulation ($130M)","severity":"critical","sources":[{"credibility":1,"name":"C.R.E.A.M. Finance Post Mortem: Flash Loan Exploit Oct 27 (official)","type":"official","url":"https://medium.com/cream-finance/post-mortem-exploit-oct-27-507b12bb6f8e"},{"credibility":2,"name":"Immunefi: Hack Analysis — Cream Finance Oct 2021","type":"research","url":"https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5"},{"credibility":2,"name":"Halborn: Explained — The CREAM Finance Hack (October 2021)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-october-2021"},{"credibility":1,"name":"Bloomberg: DeFi Protocol Cream Finance Loses $130 Million in Latest Crypto Hack","type":"news_article","url":"https://www.bloomberg.com/news/articles/2021-10-27/defi-protocol-cream-finance-loses-130-million-in-latest-hack"},{"credibility":1,"name":"The Record: Hackers steal $130 million from Cream Finance; the company's 3rd hack this year","type":"news_article","url":"https://therecord.media/hackers-steal-130-million-from-cream-finance-the-companys-3rd-hack-this-year"},{"credibility":2,"name":"ImmuneBytes: Cream Finance Exploit Oct 27, 2021 — Detailed Analysis","type":"research","url":"https://www.immunebytes.com/blog/cream-finance-exploit-oct-27-2021-detailed-analysis/"},{"credibility":1,"name":"Yearn Security Disclosure: 2021-10-27","type":"official","url":"https://github.com/yearn/yearn-security/blob/master/disclosures/2021-10-27.md"}]},{"content":"The three 2021 incidents collectively represent one of the most concentrated patterns of serial exploitation in DeFi history. Each attack exploited a structurally distinct vulnerability class: the February incident exploited uncollateralized protocol-to-protocol credit relationships; the August incident exploited ERC-777 reentrancy in a newly listed token; and the October incident exploited oracle price manipulation in a yield-bearing vault integration. The recurrence of flash-loan-enabled exploits despite prior audits suggests systemic weaknesses in how the protocol assessed risk from newly integrated tokens and external price oracles. Trail of Bits completed an audit of Cream v1 and v2 in January 2021 with specific focus on oracle manipulation and borrowing cap risks; the audit identified centralization concerns and documentation gaps, but the specific oracle path exploited in October 2021 — relying on a manipulable pricePerShare from an external Yearn vault — emerged from an integration added after the audit scope closed. All three attacks used flash loans to amplify capital far beyond what any organic user would possess, enabling manipulation of protocol state in a single atomic transaction. The combined estimated losses across all three 2021 incidents total approximately $185–195 million, placing Cream Finance among the five most-exploited DeFi protocols by aggregate losses in that year.","heading":"Serial Exploit Pattern and Security Failures","severity":"critical","sources":[{"credibility":2,"name":"Halborn: Explained — The CREAM Finance Hack (October 2021)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-october-2021"},{"credibility":2,"name":"BeInCrypto: Cream Finance Suffers Third Flash Loan Exploit in 2021, Loses $130 Million","type":"news_article","url":"https://beincrypto.com/cream-finance-suffers-third-flash-loan-exploit-2021-loses-130-million/"},{"credibility":1,"name":"Trail of Bits Audit of C.R.E.A.M. v1, v2 Iron Bank","type":"official","url":"https://medium.com/cream-finance/trailofbits-audit-202101-en-291bdb904d32"}]},{"content":"Following the October 2021 exploit, Cream Finance offered the attacker a 10% bug bounty on condition of full fund return, a gesture the team honored in public communications. Yearn Finance recovered $9.42 million from the yUSD vault that the attacker had used as part of the price manipulation step; these funds were forwarded to the Cream multisig. Cream Finance's team disclosed that 1.45 million CREAM governance tokens that had been reserved for team compensation would instead be distributed proportionally to uninsured victims, with approximately $68 million worth of CREAM tokens made available for victim repayment. The protocol also committed to directing a portion of future protocol fees toward repayment. The protocol suspended its Ethereum v1 markets and locked crToken transfers immediately following the exploit. The October 2021 hack was cited as the second-largest cryptocurrency theft of 2021, surpassed only by the Poly Network hack in August 2021. The CREAM token, which had peaked at $368 in February 2021, had declined approximately 88% from that all-time high by March 2022. Sixteen months after the October 2021 hack, in January 2023, on-chain monitoring detected the attacker moving 365.69 ETH (approximately $600,000 at that time) from wallet address 0x70747df6ac244979a2ae9ca1e1a82899d02bbea4 to a new address, suggesting the attacker still held a portion of the stolen funds. No criminal charges related specifically to the Cream Finance October 2021 exploit had been publicly disclosed as of the time of this investigation.","heading":"Compensation and Post-Hack Response","severity":"high","sources":[{"credibility":2,"name":"CryptoPotato: Hacked C.R.E.A.M. Finance Promises to Repay Users With Protocol Fees and Offers 10% Bounty Bug","type":"news_article","url":"https://cryptopotato.com/hacked-c-r-e-a-m-finance-promises-to-repay-users-with-protocol-fees-and-offers-10-bounty-bug/"},{"credibility":2,"name":"NewsBTC: Cream Finance Exploiter Moving Funds Over 16 Months After Hack, Here's Why","type":"news_article","url":"https://www.newsbtc.com/news/cream-finance-exploiter-moving-funds-over-16-months-after-hack-heres-why"},{"credibility":2,"name":"Crypto Adventure: Cream Finance Builds a Compensation Plan After Encountering a Hack","type":"news_article","url":"https://cryptoadventure.com/cream-finance-builds-a-compensation-plan-after-encountering-a-hack/"},{"credibility":2,"name":"Decrypt: Cream Finance Suffers Third Hack, Loses Over $130 Million","type":"news_article","url":"https://decrypt.co/84590/cream-finance-suffers-third-hack-losing-over-130-million"}]},{"content":"The October 2021 exploit exposed a structural risk category that has since affected multiple DeFi lending protocols: the use of yield-bearing vault shares as collateral when the vault's internal accounting can be manipulated via direct token transfers. Cream's PriceOracleProxy calculated the USD value of yUSDVault tokens using the formula (yUSD.pricePerShare * 4Pool price), where pricePerShare is derived from the vault's total LP token balance divided by total yUSD supply. Because the ERC-20 balanceOf function for the Curve 4-Pool token reflects direct transfers — not just vault-tracked deposits — an attacker could donate tokens directly to the vault contract to inflate the numerator without updating the vault's internal accounting. This is sometimes referred to as a 'donation attack' or 'token donation oracle manipulation.' The vulnerability required no privileged access, no governance manipulation, and no smart contract bug in the traditional sense; it arose from the composability of on-chain price oracle assumptions and ERC-20 token semantics. Security researchers at Immunefi and Halborn both noted in post-mortems that protocols relying on share-price oracles for vault tokens should implement time-weighted average price mechanisms or out-of-band price feeds to resist single-block manipulation. The Cream incident predates widespread adoption of these mitigations and is frequently cited in DeFi security literature as a canonical example of vault oracle manipulation risk.","heading":"Oracle Risk and Yield-Bearing Collateral Vulnerabilities","severity":"critical","sources":[{"credibility":2,"name":"Immunefi: Hack Analysis — Cream Finance Oct 2021","type":"research","url":"https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5"},{"credibility":2,"name":"Halborn: Explained — The CREAM Finance Hack (October 2021)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-october-2021"},{"credibility":2,"name":"Andy Pavia / SwissBlock: Understanding the Cream Finance Hack","type":"research","url":"https://medium.com/@AndyPavia/swissblock-post-mortem-cream-finance-hack-7c1caff4335c"}]}],"sources_used":[{"credibility":1,"name":"C.R.E.A.M. Finance Post Mortem: Flash Loan Exploit Oct 27","type":"official","url":"https://medium.com/cream-finance/post-mortem-exploit-oct-27-507b12bb6f8e"},{"credibility":1,"name":"C.R.E.A.M. Finance Post Mortem: AMP Exploit","type":"official","url":"https://medium.com/cream-finance/c-r-e-a-m-finance-post-mortem-amp-exploit-6ceb20a630c5"},{"credibility":2,"name":"Immunefi: Hack Analysis — Cream Finance Oct 2021","type":"research","url":"https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5"},{"credibility":2,"name":"Halborn: Explained — The CREAM Finance Hack (October 2021)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-october-2021"},{"credibility":2,"name":"Halborn: Explained — The CREAM Finance Hack (August 2021)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-august-2021"},{"credibility":1,"name":"Bloomberg: DeFi Protocol Cream Finance Loses $130 Million in Latest Crypto Hack","type":"news_article","url":"https://www.bloomberg.com/news/articles/2021-10-27/defi-protocol-cream-finance-loses-130-million-in-latest-hack"},{"credibility":1,"name":"CoinDesk: Cream Finance Exploited in Flash Loan Attack Worth Over $100M","type":"news_article","url":"https://www.coindesk.com/business/2021/10/27/cream-finance-exploited-in-flash-loan-attack-worth-over-100m"},{"credibility":1,"name":"CoinDesk: DeFi Protocols Cream Finance, Alpha Exploited in Flash Loan Attack; $37.5M Lost","type":"news_article","url":"https://www.coindesk.com/markets/2021/02/13/defi-protocols-cream-finance-alpha-exploited-in-flash-loan-attack-375m-lost"},{"credibility":1,"name":"CoinDesk: DeFi Protocol Cream Finance Hacked for Second Time This Year","type":"news_article","url":"https://www.coindesk.com/business/2021/08/30/defi-protocol-cream-finance-hacked"},{"credibility":1,"name":"The Record: Hackers steal $130 million from Cream Finance; the company's 3rd hack this year","type":"news_article","url":"https://therecord.media/hackers-steal-130-million-from-cream-finance-the-companys-3rd-hack-this-year"},{"credibility":1,"name":"Yearn Security Disclosure: 2021-10-27","type":"official","url":"https://github.com/yearn/yearn-security/blob/master/disclosures/2021-10-27.md"},{"credibility":2,"name":"ImmuneBytes: Cream Finance Exploit Oct 27, 2021 — Detailed Analysis","type":"research","url":"https://www.immunebytes.com/blog/cream-finance-exploit-oct-27-2021-detailed-analysis/"},{"credibility":2,"name":"Inspex: Reentrancy Attack on Cream Finance — Incident Analysis","type":"research","url":"https://inspexco.medium.com/reentrancy-attack-on-cream-finance-incident-analysis-1c629686b6f5"},{"credibility":1,"name":"Trail of Bits Audit Announcement — C.R.E.A.M. Finance","type":"official","url":"https://medium.com/cream-finance/trailofbits-audit-202101-en-291bdb904d32"},{"credibility":2,"name":"Decrypt: Cream Finance Suffers Third Hack, Loses Over $130 Million","type":"news_article","url":"https://decrypt.co/84590/cream-finance-suffers-third-hack-losing-over-130-million"},{"credibility":2,"name":"NewsBTC: Cream Finance Exploiter Moving Funds Over 16 Months After Hack","type":"news_article","url":"https://www.newsbtc.com/news/cream-finance-exploiter-moving-funds-over-16-months-after-hack-heres-why"},{"credibility":2,"name":"BeInCrypto: Cream Finance Suffers Third Flash Loan Exploit in 2021","type":"news_article","url":"https://beincrypto.com/cream-finance-suffers-third-flash-loan-exploit-2021-loses-130-million/"},{"credibility":1,"name":"Introducing The Iron Bank — C.R.E.A.M. Finance Medium","type":"official","url":"https://creamdotfinance.medium.com/introducing-the-iron-bank-bab9417c9a"},{"credibility":2,"name":"CoinTelegraph: Alpha Homora loses $37 million following Iron Bank exploit","type":"news_article","url":"https://cointelegraph.com/news/alpha-homora-loses-37-million-following-iron-bank-exploit"},{"credibility":2,"name":"Andy Pavia / SwissBlock: Understanding the Cream Finance Hack","type":"research","url":"https://medium.com/@AndyPavia/swissblock-post-mortem-cream-finance-hack-7c1caff4335c"}],"summary":"Cream Finance (C.R.E.A.M.) is a decentralized lending protocol built on Ethereum, launched in August 2020 as a fork of Compound and Balancer. The protocol suffered three separate security breaches in 2021 totaling an estimated $185–195 million in losses, culminating in an October 27, 2021 flash loan attack on Cream v1 markets that drained approximately $130 million through oracle price manipulation of its yUSDVault integration with Yearn Finance. The serial nature of these incidents — involving flash loan exploits, reentrancy bugs, and oracle vulnerabilities across distinct attack vectors — established Cream Finance as one of the most frequently exploited DeFi protocols in the 2021 cycle.","timeline":[{"date":"2020-08-03","event":"Cream Finance launches on Ethereum mainnet with YOLO Alpha mining pool. CREAM governance token issued.","source":"CoinBureau Cream Finance Review","source_url":"https://coinbureau.com/review/cream-finance"},{"date":"2020-11-01","event":"Cream Finance and Yearn Finance announce partnership to jointly develop the Iron Bank, a protocol-to-protocol uncollateralized lending facility.","source":"Introducing The Iron Bank — Medium (C.R.E.A.M. Finance)","source_url":"https://creamdotfinance.medium.com/introducing-the-iron-bank-bab9417c9a"},{"date":"2021-01-27","event":"Trail of Bits completes security audit of Cream v1 and v2 Iron Bank, focusing on oracle manipulation and borrowing cap risks. Two significant issues identified: centralization of control and documentation gaps.","source":"Trail of Bits Audit Announcement — Cream Finance Medium","source_url":"https://medium.com/cream-finance/trailofbits-audit-202101-en-291bdb904d32"},{"date":"2021-02-04","event":"CREAM token reaches all-time high of approximately $368.","source":"Capital.com: Cream Finance price prediction","source_url":"https://capital.com/amp/cream-finance-price-prediction"},{"date":"2021-02-13","event":"First exploit: Flash loan attack on Cream Finance's Iron Bank via Alpha Homora v2 integration results in approximately $37.5 million in losses. CREAM token drops ~30% within one hour.","source":"CoinDesk: DeFi Protocols Cream Finance, Alpha Exploited in Flash Loan Attack","source_url":"https://www.coindesk.com/markets/2021/02/13/defi-protocols-cream-finance-alpha-exploited-in-flash-loan-attack-375m-lost"},{"date":"2021-08-31","event":"Second exploit: AMP token ERC-777 reentrancy attack drains 462,079,976 AMP tokens and 2,804.96 ETH, valued at approximately $18.8–29 million. Cream commits 20% of future protocol fees to repayment.","source":"C.R.E.A.M. Finance Post Mortem: AMP Exploit (official)","source_url":"https://medium.com/cream-finance/c-r-e-a-m-finance-post-mortem-amp-exploit-6ceb20a630c5"},{"date":"2021-10-08","event":"Cream Finance and Yearn Finance announce launch of Iron Bank on Fantom, deepening cross-chain integration.","source":"C.R.E.A.M. Finance x Yearn Finance Partnership — Smart Liquidity Research","source_url":"https://smartliquidity.info/2021/10/08/c-r-e-a-m-finance-x-yearn-finance-partnership-launching-the-iron-bank-on-fantom/"},{"date":"2021-10-27","event":"Third and largest exploit: Flash loan oracle manipulation via yUSDVault pricePerShare inflation drains approximately $130 million from Cream Ethereum v1 markets across 68 token types. Attack transaction: 0x0fe2542079644e107cbf13690eb9c2c65963ccb79089ff96bfaf8dced2331c92.","source":"C.R.E.A.M. Finance Post Mortem: Flash Loan Exploit Oct 27 (official)","source_url":"https://medium.com/cream-finance/post-mortem-exploit-oct-27-507b12bb6f8e"},{"date":"2021-10-27","event":"Cream Finance suspends all Ethereum v1 market interactions and locks crToken transfers within ~6 hours of the attack. Yearn Finance recovers $9.42M from yUSD vault and forwards to Cream multisig.","source":"Yearn Security Disclosure 2021-10-27","source_url":"https://github.com/yearn/yearn-security/blob/master/disclosures/2021-10-27.md"},{"date":"2021-11-01","event":"Cream Finance announces compensation plan: 1.45 million team CREAM tokens ($68M value) redistributed proportionally to uninsured hack victims. 10% bug bounty offered to attacker contingent on fund return.","source":"CryptoPotato: Hacked C.R.E.A.M. Finance Promises to Repay Users","source_url":"https://cryptopotato.com/hacked-c-r-e-a-m-finance-promises-to-repay-users-with-protocol-fees-and-offers-10-bounty-bug/"},{"date":"2022-03-15","event":"CREAM token trading at approximately $41, down ~88% from its February 2021 all-time high of $368.","source":"Capital.com: Cream Finance price prediction","source_url":"https://capital.com/amp/cream-finance-price-prediction"},{"date":"2023-01-30","event":"October 2021 exploit attacker moves 365.69 ETH (~$600,000) from known exploit wallet (0x70747df6ac244979a2ae9ca1e1a82899d02bbea4) to a new address, 16+ months after the hack.","source":"NewsBTC: Cream Finance Exploiter Moving Funds Over 16 Months After Hack","source_url":"https://www.newsbtc.com/news/cream-finance-exploiter-moving-funds-over-16-months-after-hack-heres-why"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision b2eb7865-cdf9-477a-af0e-3d117b9e1f1fcopy