Lossless, a decentralized finance, or DeFi, security outfit has assisted in the recovery of 5,152.6 Ether (ETH) siphoned during the Cream Finance exploit that occurred in August.
Tweeting on Monday, Lossless identified white hat security expert Pascal Caversaccio as being pivotal to the successful recovery of the siphoned funds.
As previously reported by Cointelegraph, DeFi lending protocol, Cream Finance suffered a flash loan attack to the tune of $19 million in ETH and Amp tokens back in August. Following the exploit, Cream stated that it would repay the siphoned funds via fees collected on the protocol to compensate affected users.
Detailing the asset retrieval process, Lossless stated that it used its extensive connections within the world of hackers to enable the return of the funds taken during the flash loan attack.
Commenting on the recovery process, Dominykas A. van Otterlo, chief business development officer at Lossless told Cointelegraph:
“We managed to track down the hacker manually and retrieve the stolen funds for CREAM Finance. You could say it was sort of cyber detective work, not an easy task. Thanks to Pascal Caversaccio, one of our white hat hackers, who helped us to track down the hacker.”
Lossless also stated that the project is looking to launch a hack mitigation tool that will allow protocol developers to adopt a “hands-on” approach to preventing such malicious exploits of their platform.
Part of this mitigation will reportedly include a 24-hour freeze on suspicious transactions to allow time for robust investigations.
According to van Otterlo, Lossless is leveraging the project’s knowledge-base acquired while manually tracking down hackers. Lossless plans to offer security support for DeFi projects across the Ethereum, Polygon, and Binance Smart Chain networks as well as plans for deployment on layer-two protocols.
According to a Cream Finance statement from Oct. 1, Lossless and Caversaccio earned the 50% bug bounty from the successful fund recovery. “This is our first recovery of such scale,” Lossless tweeted in response to Cream Finance’s announcement.
DeFi platforms continue to fall victim to hackers and opportunistic profiteers who take advantage of vulnerabilities in smart contract codes to siphon funds from these projects.
Indeed, in August, Poly Network suffered a massive $610 million hack across multiple networks. The entity responsible did eventually return the stolen funds but the incident offered a pointer to the security loopholes prevalent in the DeFi space.
DeFi projects continue to offer bug bounties to white hat hackers to discover vulnerabilities that escaped the code auditing process. In September, white hat programmer Alexander Schlindwein reportedly received $1.05 million in bug bounty payments from Belt Finance.