Following a Twitter post on Friday that highlighted a decentralized finance protocol’s method of preventing rapid drawdowns, it was revealed that Value DeFi was the victim of a $ 6 million emergency loan drawdown.
At about 10:45 am ET, a user took out an instant loan of 80,000 ETH (over $ 36 million) using the Aave lending protocol. Aave developer Emilio Frangella immediately pointed out the loan:
According to Emiliano Bonassi, a self-proclaimed white hat hacker and co-founder of DeFi Italy, the attacker also received an additional $ 116 million in DAI from Uniswap.
Bonassi says the attacker traded the ETH borrowed in flash for stack coins, deposited a portion of the DAI that was provided to the DeFi multi-stability coin vault, and then implemented a series of stack coin exchanges between USDT, USDC and DAI to take advantage of the pricing … … the Value DeFi withdrawal method is used.
In an interview with Cointelegraph, Bonassi said that while it was conceptually similar to the recent attack on Harvest Finance, it was one of the most sophisticated vulnerabilities he has seen, and “one of the first” attackers once used two Flash Credits.
11:05 am a statement in the Discord community acknowledges the exploitation
We are familiar with the current situation with the MultiStables repository. Give us time to check. All other lockers and pools are working fine.
Immediately after exploitation, the attacker executed an Ethereum transaction that appeared to mimic Value DeFi with a message sent to the address of the protocol distributor:
“Do you really know flashloan?”
The attacker paid $ 0.31 in ETH to send the message.
At 12:12 pm, Minutes tweeted that they were preparing a post-exploitation autopsy that they said resulted in a loss of $ 6 million to users:
Since the attack, the value of the $ VALUE token has decreased by more than 25%, from 2.73 to 2.01 at the time of publication.
This exploitation is only the last in an unpleasant week over the DeFi room, which also contained an attack on the Acropolis Protocol. In a tweet, Stani Kulechev of Aave noted that this exploitation is a sign of expanding attack vectors:
“Building resilient DeFi has become a challenge.”