Lossless is a Decentralized Finance (DeFi), security outfit that has helped in the recovery 5,152.6 Ether ( ETH) siphoned in the Cream Finance exploit in August.
Lossless tweeted Monday that white-hat security expert Pascal Caversaccio was crucial to the successful recovery and restitution of siphoned funds.
In August, Cream Finance, a DeFi lending protocol suffered a flash-loan attack totaling $19 million in Ethereum and Amp tokens. Cream claimed that it would pay the siphoned funds using fees collected from the protocol to compensate the affected users.
Detailing the asset retrieval process, Lossless stated that it used its extensive connections within the world of hackers to enable the return of the funds taken during the flash loan attack.Commenting on the recovery process, Dominykas A. van Otterlo, chief business development officer at Lossless told Cointelegraph:
“We managed to track down the hacker manually and retrieve the stolen funds for CREAM Finance. You could say it was sort of cyber detective work, not an easy task. Thanks to Pascal Caversaccio, one of our white hat hackers, who helped us to track down the hacker.”
Lossless also stated that the project is looking to launch a hack mitigation tool that will allow protocol developers to adopt a “hands-on” approach to preventing such malicious exploits of their platform.
Part of this mitigation will reportedly include a 24-hour freeze on suspicious transactions to allow time for robust investigations.
According to van Otterlo, Lossless is leveraging the project’s knowledge-base acquired while manually tracking down hackers. Lossless plans to offer security support for DeFi projects across the Ethereum, Polygon, and Binance Smart Chain networks, and deployment on layer-two protocols.
According to a Cream Finance statement from Oct. 1, Lossless and Caversaccio earned the 50% bug bounty from the successful fund recovery. “This is our first recovery of such scale,” Lossless tweeted in response to Cream Finance’s announcement.
DeFi platforms continue to fall victim to hackers and opportunistic profiteers who take advantage of vulnerabilities in smart contract codes to siphon funds from these projects.
Indeed, in August, Poly Network suffered a massive $610 million hack across multiple networks. The entity responsible eventually returned the stolen funds but the incident offered a pointer to the security loopholes prevalent in the DeFi space.
DeFi projects continue to offer bug bounties to white hat hackers to discover vulnerabilities that escaped the code auditing process. In September, white hat programmer Alexander Schlindwein reportedly received $1.05 million in bug bounty payments from Belt Finance.