RE: After some discussion with JayJay, I looked at the specific TX and think that the contract was hacked due to having an "init()" function which not only can be run more than once but also by everyone.
Basically:
- Send fake tokens to the vulnerable contracts
- Call flash loan
- Get wCRES and USDT
- Change base and qoute token to two fake tokens by calling init() with own fake tokens
- Contract checks if enough fake tokens are paid back instead of the earlier base and quote tokens wCRES and USDT
- Since hacker paid them in first place, flash loan of wCRES and USDT is marked as paid while in reality fake tokens are paid.

Vulnerable contract:
https://etherscan.io/address/0x051ebd717311350f1684f89335bed4abd083a2b6#code

Hacker TX:
https://etherscan.io/tx/0x395675b56370a9f5fe8b32badfa80043f5291443bd6c8273900476880fb5221e

Thanks @wasislos for the report