(Bloomberg) -- DeFi protocol Cream Finance suffered yet another 2021 hack in an exploit that stole at least $130 million and could be one of the largest thefts in decentralized finance. 

The attack on the Ethereum-based lending protocol was first reported by The Block Crypto, which cited a tweet by PeckShield Inc. highlighting a large flash-loan transaction that carried out the theft. 

The burgeoning DeFi landscape has drawn in billions of dollars in investor funds, but it has been a frequent target by hackers, with many using flash loans -- a type of uncollateralized lending -- as a way to exploit poorly protected protocols.

Cream was involved in similar attacks that stole nearly $38 million in February and almost $19 million in August, according to The Block. Meanwhile, a hacker stole $600 million worth of crypto tokens from the PolyNetwork protocol in August in what is considered to be the largest DeFi hack ever. 

“This unfortunately highlights one of the Big Three risks in DeFi right now,” said Stephane Ouellette, chief executive and co-founder of FRNT Financial Inc., a crypto-focused capital-markets platform. “First, tokens representing very new projects are trading at very large, arguably inflated valuations. Two, the overwhelming majority of the platforms are within a year old, which implies unproven technology. And three, the Gensler-SEC appears to have made it quite clear that these protocols are going to be treated like CeFi lenders BlockFi and Celsius, which are currently having their regulatory structures challenged in several U.S. states.”

Cream’s token plummeted 26% on Wednesday to its lowest since late May, according to CoinMarketCap data. 

Cream Finance tweeted that it is currently investigating the exploit and will share updates as soon as they are available. Representatives did not immediately respond to a request for comment.

©2021 Bloomberg L.P.