Cream Finance (CREAM) is a decentralized lending and borrowing protocol forked from Compound Finance that launched in August 2020 — providing crToken markets for a wider range of collateral assets than Compound (supporting Uniswap LP tokens, Yearn yVault tokens, and long-tail DeFi ERC-20s alongside mainstream assets) — notable for developing Iron Bank (a zero-collateral protocol-to-protocol institutional credit line for whitelisted smart contracts like Yearn Finance and Alpha Homora), and for suffering three successive hacks totaling over $178 million (February 2021: $29M AMP reentrancy; August 2021: $18.8M oracle manipulation; October 2021: $130M nested crToken price oracle attack), making Cream the most-exploited major DeFi lending protocol and a cautionary example of the systemic risks of permissive asset listing.
| Stat | Value |
|---|---|
| Ticker | CREAM |
| Price | $0.70 |
| Market Cap | $1.62M |
| 24h Change | +1.5% |
| Circulating Supply | 2.32M CREAM |
| Max Supply | 9.00M CREAM |
| All-Time High | $374.10 |
| Contract (Ethereum) | 0x2ba5...b200 |
| Contract (Fantom) | 0x657a...cbc6 |
| Contract (Near Protocol) | 2ba592...near |
| Contract (Energi) | 0x1cca...d3bf |
| Contract (Sora) | 0x0052...1410 |
| Contract (Arbitrum One) | 0xf4d4...7234 |
How It Works
- crToken lending model — Mirroring Compound, Cream uses crTokens: depositing USDC returns crUSDC; depositing ETH returns crETH. crTokens appreciate as interest accrues. Borrowers post crToken collateral and borrow up to a protocol-set collateral factor.
- Long-tail asset support — Cream’s primary differentiation: accepting Uniswap LP tokens, Yearn vault tokens (yvDAI, yvUSDC), and many smaller DeFi token markets as collateral. This attracted riskier but higher-yield opportunities.
- Iron Bank — The protocol-to-protocol credit facility. Whitelisted smart contracts (Yearn, Alpha Homora, Inverse Finance) could borrow from Iron Bank with zero conventional collateral. The contract’s logic and on-chain track record served as “creditworthiness.” Iron Bank was primarily used by Yearn vaults to flash-borrow liquidity for strategy execution.
- CREAM governance — CREAM holders vote on new asset markets, collateral factors, reserve factors, and Iron Bank whitelist additions.
- Multi-chain — Cream launched on BSC and Polygon, though Ethereum remained the primary deployment.
Tokenomics
| Parameter | Value |
|---|---|
| Ticker | CREAM |
| Max Supply | 9,000,000 CREAM |
| Ethereum contract | 0x2ba592F78dB6436383a6372CdEa068Fed929B904 |
| Distribution | Liquidity mining to depositors and borrowers |
| Peak TVL | ~$2 billion (2021) |
Use Cases
- Lending and borrowing — Deposit assets to earn yield; borrow against broad crypto collateral including LP tokens and yield-bearing tokens.
- Iron Bank — Protocol-to-protocol zero-collateral credit for whitelisted smart contracts.
- CREAM governance — Vote on new markets, collateral factors, and Iron Bank policy.
History
- 2020-08-03 — Cream Finance launches on Ethereum as a Compound fork with an expanded asset whitelist. The name references Wu-Tang Clan’s “C.R.E.A.M.” (Cash Rules Everything Around Me). CREAM distributed via liquidity mining.
- 2020 — Cream integrates with Yearn Finance’s ecosystem at the encouragement of Andre Cronje. Iron Bank launches as a protocol credit facility. Yearn vaults become primary Iron Bank users.
- 2021 — Cream TVL peaks near $2 billion. Iron Bank expands to Alpha Homora and other DeFi protocols. Cream and Iron Bank are a key piece of the Yearn ecosystem lending stack.
- 2021-02-13 — First major exploit: $29 million drained via a reentrancy vulnerability in Cream’s AMP token market. AMP’s ERC-777-style transfer hooks allowed reentrant calls before balances updated, enabling repeated borrows in a single transaction.
- 2021-08-30 — Second hack: $18.8 million lost via flash loan price manipulation of the MIS (Mirage Cash) token oracle on ApeSwap, which Cream used as a price feed, enabling massive over-borrowing.
- 2021-10-27 — Third and largest hack: $130 million extracted via a sophisticated two-block nested crToken attack. The attacker used $500M+ in flash loans to inflate crCREAM’s price, used inflated crCREAM as collateral, and drained Cream’s liquidity across 68 chained loan positions. Security analysts described it as the most complex single DeFi exploit executed to that date.
- 2022 — Cream’s TVL collapses post-hacks. Iron Bank separates as an independent protocol. Many Cream integrations are removed by partner protocols. CREAM token loses most of its value.
- 2023–2024 — Cream operates at minimal scale. Iron Bank continues to operate independently. Cream is primarily discussed as a DeFi security case study.
Common Misconceptions
“Iron Bank is the same as Cream Finance.”
Iron Bank was a Cream product that operated as a separate protocol-to-protocol credit facility. After the 2021 hacks, Iron Bank became an independent project. They share origin but operate independently.
“The October 2021 hack was a ‘simple’ flash loan attack.”
The $130M October 2021 attack was the most technically complex DeFi exploit to that date — involving multi-protocol flash loans, multi-block oracle manipulation, and 68 chained nested crToken collateral positions. It required deep understanding of Cream’s oracle system and crToken accounting logic.
Social Media Sentiment
Cream Finance is now discussed almost exclusively in DeFi security education contexts. Its three hacks in under a year are a definitive case study in the risks of permissive collateral listing, complex oracle dependencies, and protocol-to-protocol credit. The community surrounding active Cream participants largely migrated to Iron Bank after the separation.
Last updated: 2026-04