Crypto Hacks and Scams — #3 on the list

inSure DeFi
3 min readNov 23, 2021

You own, invest, and stake your crypto to develop your wealth, but this Web3.0 ecosystem, although transparent, is completely unregulated. It is the Wild Wild West — and everyone is fending for themselves. So how do you ensure that someone else cannot simply take your digital finances without peace of mind that you could get it back? Insurance. Period.

Image adapted from news

We have encountered many who ask “what is the real need for an insurance token?”, “why would I need such a protection for my “de-finances”, given the various wallet security measures, mnemonic/recovery phrases and authentications protecting my wallets or holdings?

Well, the fact is, one of life, that there is always a risk and these risks are especially pronounced in the unregulated Web 3.0 ecosystem.

So let’s take a brief look at some fairly big hacks and scams documented by Rekt and how they were executed, and you might then just think again:

At #3: ~$130,000,000 stolen from Cream Finance (CREAM).

Reason for attack?: Poor security and operations protocol after project acquisition/merger. A “fast fork” resulting in ecosystem becoming susceptibile to hacks.
Recently, the Yearn Finance (YFI) team has been aggressively acquiring numerous DeFi projects as the team expands their ecosystem. While these decisions largely affect ecosystem token holders, Governance votes have not always been offered by the ecosystem to the community, raising questions amongst DeFi enthusiasts of whether lack of decentralised voting and distribution of control should be held accountable by underlying ecosystems. Cream Finance was a late 2020 acquisition by YFI. The hack shortly followed, with stolen funds totalling over $130 million USD’s worth across various token streams:

Image sourced from SlowMist Team analytics

The hacker(s) were able to manipulate vaulted, collateralised finance and accumulated higher value via repeated loaning and lending which took advantage of pricing vulnerability within the system, creating a hugely overvalued amount of collateral at hand. A sequential “borrowing/deposit loop” between two wallets (wallet 1 and wallet 2) followed, which was a much more complex procedure than the average hack, as noted by the YFI team. yDAI was then acquired to mint yUSD and further “looped” transactions took place, taking advantage of an insecure yUSD vault. After the hackers acquired a huge amount of tokenised collateral, repayed the borrowed amounts and redeemed the hacked benefits, the funds were pulled-out and distributed via various mechanisms for the “final salvage”.

CREAM.Finance team responded with a message:

you win. we’re rekt. please return funds and we will honor a 10% bounty.

Who loses out? Token holders, community members and network users. Interestingly, a quick look at the pricing history chart around the same dates as the hack reveals the effect of the event on project pricing = token devaluation.

So, potential risk mitigation methods for token holders to avoid the consequences of such an event? Well, DeFi insurance can ensure that your defi investments and portfolios are supported and compensated, if need be, by a trusted, transparent community.

Nobody’s de-finances are 100% safe in the current wild web 3.0 crypto space. Insure with #SURE.

We are part of the inSure DeFi community.

About inSure DeFi

inSure DeFi is a Decentralized Insurance Ecosystem, partnered with Chainlink, trusted by thousands of community members to protect their crypto portfolios from scams, exchange closures, and drastic devaluations. inSure DeFi provides insurance solutions for the crypto space to stabilize and secure Crypto & DeFi portfolios.

Fast. Transparent. Future.

To learn more about inSure DeFi go to or follow us on Twitter and Telegram.

Official Links:

Website | Medium | LinkedIn | Facebook | Twitter | Telegram Channel | Telegram Group



inSure DeFi

Offering a way to insure your crypto portfolio. DeFi Insurance System. Utility value token and beyond