Following a Twitter thread on Friday that highlighted the decentralized finance protocol’s flash loan exploit prevention methodology, Value DeFi appears to have been the victim of a $6 million flash loan exploit.
At roughly 10:45 AM EST, a user took out a flashloan of 80,000 ETH (over $36 million) from lending protocol Aave. Aave developer Emilio Frangella immediately called attention to the loan:
— Emilio Frangella (@The3D_) November 14, 2020
The attacker then used the funds to conduct a flash loan arbitrage attack, targeting Value DeFi’s multi-stablecoin vault. The attacker deposited funds in the vault, arbitraged the funds between DAI and USDC, and exited with a multi-million payday.
At 11:05, a statement in the community Discord acknowledged the exploit:
We are aware of the current situation with the MultiStables vault. Please give us a bit time to check. Every other vaults and pools are working normally.
Shortly after the exploit, the attacker