DeFi protocol Value announced on Nov. 14 that it had experienced a flash loan attack that resulted in the loss of $6 million.
- The attacker specifically targeted Value Protocols’ MultiStables Vault, which led to $6 million in user deposits being stolen
- The team has offered partial recompense to users, allowing them to withdraw up to 28.24% of their initial deposit, with 20% more to be made available in DAI soon;
- However, refunds for the remaining 52% are not guaranteed, and the team is looking at ways to repay users
- Aave developer Emilio Frangella said that the attacker had taken a flash loan of 80,000 ETH (worth roughly $32 million) on Aave and $116 million in DAI from Uniswap
- The attacker followed this by trading the ETH for stablecoins and depositing the DAI in the MultiStables Vault
- He then swapped various stablecoins while exploiting the smart contract’s pricing mechanism
- White hacker Emiliano Bonassi called this the most complex flash loan attack that he had ever seen and provided a summary of the actions the attacker took
- Other protocols were also exploited with flash loans, Harvest Finance suffered a loss of $24 million
- Akropolis was subject to a flash loan attack just two days prior on Nov. 12, losing $2 million in DAI.
- Developers have suggested that DeFi protocols use decentralized price feed oracles, like Chainlink, to combat flash loan attacks