Value DeFi protocol suffers from $ 6 million flash loan exploit

Following a Twitter thread on Friday which Underline Decentralized Financial Protocol Flash Loan Exploit Prevention Methodology, Value DeFi appears to have fallen victim to a $ 6 million flash loan exploit.

At around 10:45 a.m. EST, a user took out a flash loan of 80,000 ETH (over $ 36 million) from the Aave lending protocol. Aave developer Emilio Frangella immediately drew attention to the loan:

According to Emiliano Bonassi, a self-proclaimed hacker and co-founder of DeFi Italy, the attacker also secured an additional $ 116 million DAI flash loan from Uniswap.

Bonassi says the attacker traded the flash loaned ETH for stablecoins, deposited some of the flash loaned DAI into Value DeFi’s multi-stablecoin vault, and then made a series of stablecoin exchanges between USDT, USDC. and DAI designed to leverage the price used by the Value DeFi vault withdrawal method.

In an interview with Cointelegraph, Bonassi said that although it is conceptually similar to the recent attack on Harvest Finance, it was one of the most complex exploits he has seen, and “one of the very first times “that an attacker used two flash loans. at once.

At 11:05 a.m., a statement in the Discord community acknowledged the feat:

We are aware of the current situation of the MultiStables safe. Please give us some time to check. All other chests and pools are functioning normally.

Shortly after the exploit, the attacker continued with an Ethereum transaction that appeared to taunt the Value DeFi protocol with a message sent to the address of the protocol’s deployer:

“Do you really know the flash loan? “

The attacker paid $ 0.31 in ETH from his profits to send the message.

At 12:12 p.m., Protocol said in a statement on Twitter that they were preparing a post-mortem on the exploit, which they said resulted in users losing $ 6 million:

Since the attack, the value of the $ VALUE token has plunged more than 25%, from 2.73 to 2.01 at the time of publication.

This feat is just the latest in what has been a troubling week in the DeFi space that also featured an attack on the Akropolis protocol. In a Tweeter Aave’s Stani Kulechov pointed out that the exploit is a sign of expansion of attack vectors:

“Building a resilient DeFi becomes difficult. “

This article has been updated to include additional information

Previous Online loan sharks impersonate a charity to pocket fees
Next Mosaic Launches New Loan Products To Make Solar Power Even More Affordable For U.S. Homeowners

No Comment

Leave a reply

Your email address will not be published.