Audit log

Every state-changing event for Cream Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-31 06:59:08Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 423,324,496

   sig

   3yfHNj5zpbJp…DfMg9A5tcopyexplorer ↗

   hash

   HuHAtx3DKMkR…7sXcKbQjcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (22256 B) ▸

   {"actor":"system:backfill","investigation_id":"14c7a43c-cc9b-41a5-8640-2e93be161e60","kind":"publish","page_slug":"cream-finance","published_at":"2026-05-31T06:59:08.319Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Cream Finance","sections":[{"content":"C.R.E.A.M. Finance (Crypto Rules Everything Around Me) is a decentralized, open-source lending protocol that allows users to supply assets as collateral and borrow against them. The protocol launched in August 2020 on Ethereum, forked from Compound Finance's codebase, and later expanded to Binance Smart Chain and Fantom. Its governance token, CREAM, reached an all-time high of approximately $368 in February 2021. The protocol also launched the Iron Bank, a protocol-to-protocol undercollateralized lending service, in partnership with Yearn Finance. At its peak in early 2021, the protocol held over $2.1 billion in total value locked.","heading":"Protocol Overview","severity":"low","sources":[{"credibility":1,"name":"C.R.E.A.M. Finance Official Docs","type":"official","url":"https://docs.cream.finance/about"},{"credibility":2,"name":"DeFi Project Spotlight: Cream Finance — Crypto Briefing","type":"news","url":"https://cryptobriefing.com/defi-project-spotlight-small-cap-lending-platform-cream-finance/"}]},{"content":"On February 13, 2021, an attacker exploited the C.R.E.A.M. Iron Bank and Alpha Homora V2 in a coordinated flash loan attack, resulting in approximately $37.5 million in losses — at the time described as the largest flash loan exploit on record. The attacker obtained a $1.8 million USDC flash loan from Aave v2 and exploited a loophole in the undercollateralized lending mechanism that allowed Alpha Homora to draw uncollateralized sUSD from the Iron Bank. By cycling loans — borrowing, depositing the proceeds back, and immediately re-borrowing — the attacker extracted 13,244 ETH, $3.6 million USDC, $5.6 million USDT, and $4.2 million DAI. The total cost of the attack in gas fees was approximately $14,754. Alpha Finance subsequently acknowledged that 'Alpha Homora V2 product was the root cause' and patched the vulnerability. The two protocols entered a long-term repayment arrangement, with Alpha Homora committing 20% of its monthly reserves toward repayment and locking 50 million ALPHA tokens in escrow controlled by C.R.E.A.M.'s multisig.","heading":"Exploit 1: Iron Bank Flash Loan Attack (February 2021, $37.5M)","severity":"critical","sources":[{"credibility":1,"name":"DeFi Protocols Cream Finance, Alpha Exploited in Flash Loan Attack — CoinDesk","type":"news","url":"https://www.coindesk.com/markets/2021/02/13/defi-protocols-cream-finance-alpha-exploited-in-flash-loan-attack-375m-lost"},{"credibility":2,"name":"$37 Million DeFi Heist Cost Attackers Just $15,000 in Transaction Fees — Decrypt","type":"news","url":"https://decrypt.co/57660/a-37-million-defi-heist-cost-attackers-just-15000-in-transaction-fees"},{"credibility":2,"name":"Hack Track: Analysis of C.R.E.A.M. Finance Hack — Merkle Science","type":"research","url":"https://www.merklescience.com/blog/hack-track-analysis-of-c-r-e-a-m-finance-hack"},{"credibility":1,"name":"Joint Announcement on Funds Repayment — C.R.E.A.M. Medium","type":"official","url":"https://medium.com/cream-finance/joint-announcement-on-funds-repayment-a7d63870f7d6"}]},{"content":"On August 30, 2021, the C.R.E.A.M. V1 market on Ethereum suffered a reentrancy exploit that drained 2,804.96 ETH and 462,079,976 AMP tokens, with total losses estimated between $18.8 million and $25 million depending on AMP's market price at the time. The vulnerability arose from C.R.E.A.M.'s integration of the AMP token, which implements the ERC-777 standard rather than the more common ERC-20. ERC-777 includes a tokensReceived() callback hook that fires during token transfers and notifies the receiving contract. The AMP contracts themselves functioned as designed; the vulnerability was in C.R.E.A.M.'s failure to guard against reentrancy during the callback. The attacker's contract exploited the tokensReceived() hook to call C.R.E.A.M.'s borrow() function a second time before the initial borrow transaction had updated the protocol's internal state, effectively allowing the attacker to borrow more than their collateral permitted. This cycle was repeated across 17 separate transactions. A copycat attacker subsequently exploited the same unfixed vulnerability for a smaller amount in the same block window. The C.R.E.A.M. team published a post-mortem and acknowledged the integration oversight.","heading":"Exploit 2: AMP Token Reentrancy Bug (August 2021, ~$18.8M)","severity":"critical","sources":[{"credibility":1,"name":"DeFi Protocol Cream Finance Hacked for Second Time This Year — CoinDesk","type":"news","url":"https://www.coindesk.com/business/2021/08/30/defi-protocol-cream-finance-hacked"},{"credibility":2,"name":"Explained: The CREAM Finance Hack (August 2021) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-august-2021"},{"credibility":2,"name":"Reentrancy Attack on Cream Finance — Incident Analysis (Inspex)","type":"research","url":"https://inspexco.medium.com/reentrancy-attack-on-cream-finance-incident-analysis-1c629686b6f5"},{"credibility":1,"name":"C.R.E.A.M. Finance Post Mortem: AMP Exploit","type":"official","url":"https://medium.com/cream-finance/c-r-e-a-m-finance-post-mortem-amp-exploit-6ceb20a630c5"},{"credibility":2,"name":"Cream Finance DeFi Platform Loses $19M in a Flash Loan Hack — CoinTelegraph","type":"news","url":"https://cointelegraph.com/news/cream-finance-defi-platform-loses-19m-in-a-flash-loan-hack"}]},{"content":"On October 27, 2021, C.R.E.A.M. Finance suffered its largest and most technically complex exploit, losing approximately $130 million in a combined economic and oracle manipulation attack. The attack was executed by two coordinated addresses across 68 different token transfers and consumed over 9 ETH in gas fees. Address A flash-borrowed $500 million DAI from MakerDAO and deposited it into Curve's yPool, converting it to yDAI and then to yUSD via the Yearn yUSD vault; Address B flash-borrowed $2 billion in ETH from Aave V2 to use as collateral. The core manipulation targeted C.R.E.A.M.'s price oracle for yUSDVault tokens: the protocol calculated the price of crYUSD by dividing the vault's total assets by the circulating supply of yUSD tokens. By withdrawing approximately $500 million worth of yUSD from the vault — collapsing the circulating supply — and then depositing a small amount of yCRV directly into the vault, the attacker effectively doubled the reported price-per-share of yUSD tokens from 1 to 2. This inflated Address A's crYUSD collateral from approximately $1.5 billion to $3 billion in reported value, providing more than enough collateral to drain C.R.E.A.M.'s entire available lending pool across all assets. After repaying the flash loans, the attacker retained approximately $130 million in various cryptocurrencies. Yearn Finance partners recovered $9.42 million that the attacker had deposited into a Yearn vault. The team offered a 10% bug bounty for the return of remaining funds; no further recovery was reported.","heading":"Exploit 3: yUSD Oracle Manipulation (October 2021, $130M)","severity":"critical","sources":[{"credibility":1,"name":"Cream Finance Exploited in Flash Loan Attack Worth Over $100M — CoinDesk","type":"news","url":"https://www.coindesk.com/business/2021/10/27/cream-finance-exploited-in-flash-loan-attack-worth-over-100m"},{"credibility":1,"name":"DeFi Protocol Cream Finance Loses $130 Million — Bloomberg","type":"news","url":"https://www.bloomberg.com/news/articles/2021-10-27/defi-protocol-cream-finance-loses-130-million-in-latest-hack"},{"credibility":2,"name":"Explained: The CREAM Finance Hack (October 2021) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-october-2021"},{"credibility":2,"name":"Hack Analysis: Cream Finance Oct 2021 — Immunefi","type":"research","url":"https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5"},{"credibility":1,"name":"C.R.E.A.M. Finance Post Mortem: Flash Loan Exploit Oct 27","type":"official","url":"https://medium.com/cream-finance/post-mortem-exploit-oct-27-507b12bb6f8e"},{"credibility":2,"name":"Cream Finance Suffers Third Hack — Decrypt","type":"news","url":"https://decrypt.co/84590/cream-finance-suffers-third-hack-losing-over-130-million"}]},{"content":"Following the October 2021 exploit, the C.R.E.A.M. team suspended all Ethereum V1 market interactions and locked crToken transfers to prevent further losses. The team committed to a repayment plan in which 1,453,415 CREAM governance tokens — representing the entire remaining team token allocation — were made available to impacted users on a pro-rata basis. Users had one year to claim their share. The release of this compensation plan caused an immediate further decline in the CREAM token price, which fell to approximately $53 shortly after the announcement. For the February 2021 exploit, the team arranged a long-term structured repayment plan with Alpha Homora rather than direct user compensation. The team also indicated it would focus its remaining development efforts on growing the Iron Bank's protocol-to-protocol lending service. The exploiter of the October 2021 attack was later observed converting $1.75 million in stolen funds to Bitcoin in September 2022, suggesting the attacker retained the majority of stolen funds.","heading":"Team Response and Victim Compensation","severity":"high","sources":[{"credibility":2,"name":"CREAM Team Gives Up Future Payouts Following Hack — The Defiant","type":"news","url":"https://thedefiant.io/news/defi/cream-exploit-compensation"},{"credibility":2,"name":"Cream Plunges on News That Hack Compensation Will Inflate Token Supply — Yahoo Finance","type":"news","url":"https://finance.yahoo.com/news/cream-plunges-news-hack-compensation-010452465.html"},{"credibility":1,"name":"Cream Finance Exploiter Converts $1.75M in Stolen Funds to Bitcoin — CoinDesk","type":"news","url":"https://www.coindesk.com/tech/2022/09/12/cream-finance-exploiter-converts-175m-in-stolen-funds-to-bitcoin"}]},{"content":"Jeffrey Huang, also known by his online handle 'Machi Big Brother,' founded C.R.E.A.M. Finance in 2019 and stepped back from the project around the time of its Yearn Finance merger. Huang is a Taiwanese-American entrepreneur who previously found success as a founding member of pop/rap group L.A. Boyz and as the founder of M17 Media, a live-streaming app. In June 2022, on-chain researcher ZachXBT published an investigation alleging that Huang had embezzled approximately 22,000 ETH (then worth around $37 million) from Formosa Financial, a project that raised $23 million in an ICO in 2018. The investigation traced alleged fund flows from the Formosa treasury to individuals connected to Huang's circle, including Bun Hsu and Czhang Lin, who were also alleged to have been involved in C.R.E.A.M.'s development team. ZachXBT also alleged that Huang orchestrated an artificial inflation of votes in Binance's 2018 community coin listing competition on behalf of the Mithril (MITH) project. Huang filed a defamation lawsuit against ZachXBT in response to the article; he subsequently dropped the lawsuit. These allegations remain unproven in court. Co-founder Leo Cheng, who holds an MBA from University of Michigan, served as project lead after Huang's departure and was the primary public face of the protocol through 2021.","heading":"Founder Controversy: Jeffrey Huang (Machi Big Brother) Allegations","severity":"high","sources":[{"credibility":2,"name":"A Story of Machi Big Brother (Jeff Huang) — ZachXBT","type":"research","url":"https://medium.com/@investigationsbyzachxbt/a-story-of-machi-big-brother-jeff-huang-a1ad073fcfa8"},{"credibility":2,"name":"ZachXBT, Machi Big Brother Defamation Suit Has Been Dropped — Blockworks","type":"news","url":"https://blockworks.co/news/jeffrey-huang-zachxbt-defamation"},{"credibility":2,"name":"Jeffrey Huang — IQ.wiki","type":"research","url":"https://iq.wiki/wiki/jeffrey-huang"}]},{"content":"Following the October 2021 exploit, C.R.E.A.M. Finance experienced a severe and sustained decline in user activity and total value locked. TVL dropped from approximately $2.1 billion in early 2021 to under $400 million by March 2022, an 82% decline. The CREAM governance token fell over 88% from its all-time high of approximately $368 to around $41 by March 2022. Active development on the protocol's GitHub repositories became increasingly sparse through 2022, with the last significant commit activity recorded around August 2023. The protocol's Medium blog showed no meaningful updates after January 2022. As of 2025, the protocol's TVL sits below $3 million according to DeFi Llama data. The Iron Bank, while architecturally separate, has also experienced minimal traction. C.R.E.A.M. Finance is widely regarded within the DeFi community as a legacy protocol operating in a near-dormant state. No new audits, product launches, or substantive governance proposals have been publicly announced since 2022.","heading":"Protocol Decline and Current Status","severity":"high","sources":[{"credibility":3,"name":"Cream Finance TVL Showing No Signs of Recovery — Bitcoin Exchange Guide","type":"research","url":"https://bitcoinexchangeguide.com/cream-finance-tvl-showing-no-signs-of-recovery-down-over-75-since-the-hack/"},{"credibility":1,"name":"CREAM Finance TVL Stats — DefiLlama","type":"onchain","url":"https://defillama.com/protocol/cream-finance"},{"credibility":1,"name":"Cream Finance — GitHub","type":"official","url":"https://github.com/CreamFi"}]},{"content":"The Iron Bank is a protocol-to-protocol lending facility launched by C.R.E.A.M. Finance in collaboration with Yearn Finance. Unlike standard DeFi lending, the Iron Bank extended uncollateralized or undercollateralized credit lines to whitelisted smart contract protocols, enabling more capital-efficient DeFi composability. The February 2021 exploit directly targeted the Iron Bank's lending mechanism via Alpha Homora V2. Following C.R.E.A.M.'s series of exploits, the Iron Bank attempted to separate its identity from the broader Cream Finance brand, though the two remained architecturally and operationally linked. The Iron Bank's exposure in the February 2021 attack raised questions about the systemic risk of uncollateralized protocol-to-protocol lending as a DeFi primitive.","heading":"Iron Bank Ecosystem Connection","severity":"medium","sources":[{"credibility":2,"name":"Hackers Steal $130 Million From Cream Finance — Recorded Future","type":"news","url":"https://therecord.media/hackers-steal-130-million-from-cream-finance-the-companys-3rd-hack-this-year"},{"credibility":1,"name":"DeFi Protocols Cream Finance, Alpha Exploited — Nasdaq","type":"news","url":"https://www.nasdaq.com/articles/defi-protocols-cream-finance-alpha-exploited-in-flash-loan-attack-$37.5m-lost-2021-02-13"}]}],"sources_used":[{"name":"C.R.E.A.M. Finance Post Mortem: Flash Loan Exploit Oct 27","type":"official","url":"https://medium.com/cream-finance/post-mortem-exploit-oct-27-507b12bb6f8e"},{"name":"C.R.E.A.M. Finance Post Mortem: AMP Exploit","type":"official","url":"https://medium.com/cream-finance/c-r-e-a-m-finance-post-mortem-amp-exploit-6ceb20a630c5"},{"name":"Joint Announcement on Funds Repayment — C.R.E.A.M. Medium","type":"official","url":"https://medium.com/cream-finance/joint-announcement-on-funds-repayment-a7d63870f7d6"},{"name":"DeFi Protocol Cream Finance Loses $130 Million — Bloomberg","type":"news_article","url":"https://www.bloomberg.com/news/articles/2021-10-27/defi-protocol-cream-finance-loses-130-million-in-latest-hack"},{"name":"Cream Finance Exploited in Flash Loan Attack Worth Over $100M — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2021/10/27/cream-finance-exploited-in-flash-loan-attack-worth-over-100m"},{"name":"DeFi Protocols Cream Finance, Alpha Exploited in Flash Loan Attack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2021/02/13/defi-protocols-cream-finance-alpha-exploited-in-flash-loan-attack-375m-lost"},{"name":"DeFi Protocol Cream Finance Hacked for Second Time This Year — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2021/08/30/defi-protocol-cream-finance-hacked"},{"name":"Explained: The CREAM Finance Hack (October 2021) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-october-2021"},{"name":"Explained: The CREAM Finance Hack (August 2021) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-cream-finance-hack-august-2021"},{"name":"Hack Analysis: Cream Finance Oct 2021 — Immunefi","type":"research","url":"https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5"},{"name":"Reentrancy Attack on Cream Finance — Inspex","type":"research","url":"https://inspexco.medium.com/reentrancy-attack-on-cream-finance-incident-analysis-1c629686b6f5"},{"name":"Cream Finance Suffers Third Hack, Loses Over $130 Million — Decrypt","type":"news_article","url":"https://decrypt.co/84590/cream-finance-suffers-third-hack-losing-over-130-million"},{"name":"A Story of Machi Big Brother (Jeff Huang) — ZachXBT","type":"research","url":"https://medium.com/@investigationsbyzachxbt/a-story-of-machi-big-brother-jeff-huang-a1ad073fcfa8"},{"name":"ZachXBT, Machi Big Brother Defamation Suit Has Been Dropped — Blockworks","type":"news_article","url":"https://blockworks.co/news/jeffrey-huang-zachxbt-defamation"},{"name":"Cream Finance Exploiter Converts $1.75M in Stolen Funds to Bitcoin — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2022/09/12/cream-finance-exploiter-converts-175m-in-stolen-funds-to-bitcoin"},{"name":"CREAM Finance TVL Stats — DefiLlama","type":"on_chain","url":"https://defillama.com/protocol/cream-finance"},{"name":"CREAM Team Gives Up Future Payouts Following Hack — The Defiant","type":"news_article","url":"https://thedefiant.io/news/defi/cream-exploit-compensation"},{"name":"Hackers Steal $130 Million From Cream Finance — Recorded Future","type":"news_article","url":"https://therecord.media/hackers-steal-130-million-from-cream-finance-the-companys-3rd-hack-this-year"},{"name":"Cream Finance DeFi Platform Loses $19M in a Flash Loan Hack — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/cream-finance-defi-platform-loses-19m-in-a-flash-loan-hack"},{"name":"Hack Track: Analysis of C.R.E.A.M. Finance Hack — Merkle Science","type":"research","url":"https://www.merklescience.com/blog/hack-track-analysis-of-c-r-e-a-m-finance-hack"}],"summary":"C.R.E.A.M. Finance is a decentralized lending protocol that launched on Ethereum in August 2020, originally forked from Compound Finance. The protocol suffered three major exploits across 2021, losing approximately $186 million in total user funds, and has been effectively dormant since early 2022 with minimal development activity and a TVL that collapsed from over $2 billion to under $3 million.","timeline":[{"date":"2020-08-01","event":"C.R.E.A.M. Finance launches on Ethereum, forked from Compound Finance. Jeffrey Huang and Leo Cheng are founders.","source":"C.R.E.A.M. Finance Medium","source_url":"https://medium.com/cream-finance/announcing-3792e4ad75a1"},{"date":"2021-02-04","event":"CREAM governance token reaches all-time high of approximately $368.","source":"CoinMarketCap","source_url":"https://coinmarketcap.com/currencies/cream-finance/"},{"date":"2021-02-13","event":"First major exploit: Iron Bank and Alpha Homora V2 attacked via flash loan, approximately $37.5 million stolen. Largest flash loan exploit on record at the time.","source":"CoinDesk","source_url":"https://www.coindesk.com/markets/2021/02/13/defi-protocols-cream-finance-alpha-exploited-in-flash-loan-attack-375m-lost"},{"date":"2021-08-30","event":"Second exploit: AMP token ERC-777 reentrancy bug exploited across 17 transactions, draining 2,804.96 ETH and 462,079,976 AMP tokens (~$18.8M). A copycat attacker exploits the same unfixed vulnerability in the same period.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2021/08/30/defi-protocol-cream-finance-hacked"},{"date":"2021-10-27","event":"Third and largest exploit: yUSD oracle price manipulation via flash-borrowed DAI and ETH allows attacker to drain approximately $130 million across 68 asset types. Largest DeFi flash loan hack recorded at the time.","source":"Bloomberg","source_url":"https://www.bloomberg.com/news/articles/2021-10-27/defi-protocol-cream-finance-loses-130-million-in-latest-hack"},{"date":"2021-11-01","event":"C.R.E.A.M. team announces repayment plan: 1,453,415 CREAM tokens (entire team allocation) distributed to exploit victims. CREAM price declines sharply on the news.","source":"The Defiant","source_url":"https://thedefiant.io/news/defi/cream-exploit-compensation"},{"date":"2022-06-01","event":"ZachXBT publishes investigation alleging founder Jeffrey Huang embezzled approximately 22,000 ETH from the Formosa Financial ICO treasury and orchestrated fake voting in the 2018 Binance listing competition for Mithril.","source":"ZachXBT / Medium","source_url":"https://medium.com/@investigationsbyzachxbt/a-story-of-machi-big-brother-jeff-huang-a1ad073fcfa8"},{"date":"2022-09-12","event":"October 2021 exploit attacker converts $1.75 million in stolen funds to Bitcoin; the majority of the $130M remains unrecovered.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2022/09/12/cream-finance-exploiter-converts-175m-in-stolen-funds-to-bitcoin"},{"date":"2023-01-01","event":"Jeffrey Huang drops defamation lawsuit against ZachXBT over the June 2022 article.","source":"Blockworks","source_url":"https://blockworks.co/news/jeffrey-huang-zachxbt-defamation"},{"date":"2023-08-05","event":"Last significant commit activity observed on Cream Finance GitHub repositories. Protocol enters effectively dormant state.","source":"GitHub — CreamFi","source_url":"https://github.com/CreamFi"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 8fcb1662-10ba-428f-848d-e1d2ecd0a31ecopy