free page hit counter

After a Twitter thread on Friday that marked Value DeFi, the method of preventing flash loan exploitation of the decentralized financing protocol, appears to have been the victim of a $ 6 million flash loan.

At approximately 10:45 a.m. EST, a user took out a flash loan of 80,000 ETH (over $ 36 million) from Aave lending protocol. Aave developer Emilio Frangella immediately drew attention to the loan:

The attacker then used the money to trade a flash arbitration attack, targeting Value DeFi’s multi-stablecoin vault. The attacker deposited money in the safe, brokered between DAI and USDC, and left the money with a multi-million dollar payday.

At 11:05 am, a statement in community Discord acknowledged the exploit:

We are aware of the current situation with the MultiStables safe. Please give us some time to check this. All other vaults and pools are operating normally.

Shortly after the exploit, the attacker followed up with an Ethereum transaction that appeared to mock the Value DeFi protocol with a message sent to the protocol implementer address:

“do you really know flash loan?”

The attacker paid $ .31 in ETH of his winnings to send the message.

At 12:12 PM, the protocol said in a statement on Twitter that they were preparing a post-mortem about the exploit, which they say resulted in a loss of $ 6 million to users:

Since the attack, the value of the $ VALUE token has fallen more than 25%, from 2.73 to 2.01 at the time of going to press.

This exploit is just the latest in what has been a troubling week in the DeFi space with an attack on the Acropolis protocol. In a tweet Aave’s Stani Kulechov said the exploit is a sign of growing attack vectors:

“Building resilient DeFi will be difficult.”