Value DeFi falls victim to $6 million flash loan exploit. After a Twitter thread on Friday highlighting the decentralized finance protocol’s flash loan exploit prevention methodology, Value DeFi seems to have been the victim of a $6 million flash loan exploit.
At approximately 10:45 AM EST, a user took out a flashloan of 80,000 ETH (over $36 million) from lending protocol Aave. Aave developer Emilio Frangella immediately called attention to the loan through a post on his Twitter profile.
According to Emiliano Bonassi, a self-described whitehat hacker and the co-founder of DeFi Italy, the attacker also sourced an additional $116 million flash loan in DAI from Uniswap.
Bonassi says that the attacker swapped the flash-loaned ETH for stablecoins, deposited part of the flash-loaned DAI into Value DeFi’s multi-stablecoin vault, and then conducted a series of stablecoin swaps between USDT, USDC, and DAI designed to exploit the pricing used by the Value DeFi vault’s withdrawal method.
At 12:12, the protocol said in a statement on Twitter that they were preparing a postmortem on the exploit, which they said led to a loss of $6 million for users. Since the attack, the value of the $VALUE token has plunged over 25%, from 2.73 to 2.01 at press time.