- Value DeFi, a protocol for staking cryptoassets in exchange for yield, was exploited for $7.4 million on Saturday morning.
- An attacker pulled off the elaborate move by carrying out a flash loan for 80,000 ETH.
- Attacker also paid $2 million back to the protocol during the multi-step process.
Share this article
Value DeFi has been exploited for millions of dollars.
An unknown attacker drained funds from Value DeFi’s MultiStables vault using a flash loan, an innovation where DeFi users can borrow funds from a pool without providing any collateral, then pay back the loan in the same transaction.
Value DeFi Suffers $7.4 Million Loss
In today’s attack, the loan was for 80,000 ETH, worth around $36 million at today’s prices.
In a complex multi-step process that would typically only be possible among more advanced DeFi users, the attacker wound up withdrawing $7.4 million in Dai from the Value DeFi pool.
In something of an audacious move, they also signed one of the transactions with the words, “do you really know flashloan?” Last night, Value DeFi posted a since-deleted tweet discussing “flash loan prevention.”
Before making off with the funds, the attacker decided to return $2 million.
The attacker’s moves can be viewed on Etherscan here.
It’s only the latest example of a major flash loan exploit in DeFi. Flash loans have been the subject of much debate in the DeFi community over the last few months, with ongoing discussions over whether such innovations are a good or bad tool in the industry.
While some stand on the “code is law” side of the fence, much of the debate surrounds the ethics of draining pools for millions when regular users stand to lose out from the attacks.
Value DeFi announced the exploit in its Discord channel earlier today, stating that the team is “currently working on a postmortem and are exploring ways to mitigate the impact on our users.”