{"id":111610,"date":"2020-11-14T20:53:02","date_gmt":"2020-11-14T17:53:02","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/value-defi-protocol-suffers-6-million-flash-loan-exploit\/"},"modified":"2020-11-14T20:53:02","modified_gmt":"2020-11-14T17:53:02","slug":"value-defi-protocol-suffers-6-million-flash-loan-exploit","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/value-defi-protocol-suffers-6-million-flash-loan-exploit\/","title":{"rendered":"# Value DeFi protocol suffers $6 million flash loan exploit"},"content":{"rendered":"<p>&#8220;<strong># Value DeFi protocol suffers $6 million flash loan exploit <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjAtMTEvZWY0ZjQ5MzctM2E2OS00YzFiLWFhODgtZjEwNTM5MGEwZWM2LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a>Following a <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> thread on Friday that <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/value_defi\/status\/1327469664620802050\">highlighted<\/a> the decentralized finance protocol\u2019s flash loan exploit prevention methodology, Value DeFi <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears to have been the victim of a $6 million flash loan exploit.\u00a0<\/p>\n<p>At roughly 10:45 AM EST, a user took out a flashloan of 80,000 ETH (over $36 million) from lending protocol Aave. Aave developer Emilio Frangella immediately called attention to the loan:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"cy\" dir=\"ltr\">80.000 eth flashloan on <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/AaveAave?ref_src=twsrc%5Etfw\">@AaveAave<\/a>  <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/t.co\/ngnHIoNKpi\">https:\/\/t.co\/ngnHIoNKpi<\/a><\/p>\n<p>\u2014 Emilio Frangella (@The3D_) <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/The3D_\/status\/1327638923183591425?ref_src=twsrc%5Etfw\">November 14, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>The attacker then used the funds to conduct a flash loan arbitrage attack, targeting Value DeFi&#8217;s multi-stablecoin vault. The attacker deposited funds in the vault, arbitraged the funds between DAI and USDC, and exited with a multi-million payday.\u00a0<\/p>\n<p>At 11:05, a statement in the community Discord acknowledged the exploit:\u00a0<\/p>\n<p><em>We are aware of the current situation with the MultiStables vault. Please give us a bit time to check. Every other vaults and pools are working normally.<\/em><\/p>\n<p>Shortly after the exploit, the attacker followed up with an Ethereum transaction that seemed to taunt the Value DeFi protocol with a message sent to the protocol\u2019s deployer <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0x217298bd38ed12b16e0cd65ce0b464c3810e0479a99a1464aed5e6768b2a4c50\">address<\/a>: <\/p>\n<blockquote><p>&#8220;do you really know flashloan?&#8221;<\/p><\/blockquote>\n<p>The attacker paid $.31 in ETH from his profits to send the message.<\/p>\n<p>At 12:12, the protocol said in a statement on Twitter that they were preparing a postmortem on the exploit, which they said led to a loss of $6 million for users:\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The MultiStables vault was the subject of a complex attack that resulted in a net loss of $6M. <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/t.co\/dnFRa5yPBJ\">https:\/\/t.co\/dnFRa5yPBJ<\/a><br \/>We are currently working on a postmortem and are exploring ways to mitigate the impact on our users.<\/p>\n<p>\u2014 Value DeFi Protocol (@value_defi) <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/value_defi\/status\/1327660571592773632?ref_src=twsrc%5Etfw\">November 14, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Since the attack, the the value of the $VALUE token has plunged over 25%, from 2.73 to 2.01 at press time.\u00a0<\/p>\n<p>This exploit is just the latest in what has been a troubling week across the DeFi space\u00a0that featured an attack on the Akropolis protocol. In a <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/StaniKulechov\/status\/1327642927439417346\">tweet<\/a> Stani Kulechov of Aave signaled that the exploit is a sign of expanding attack vectors:<\/p>\n<blockquote><p>\u201cBuilding resilient DeFi is becoming difficult.\u201d<\/p><\/blockquote>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener noreferrer\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/value-defi-protocol-suffers-6-million-flash-loan-exploit\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Value DeFi protocol suffers $6 million flash loan exploit &#8221; Following a Twitter thread on Friday that highlighted the decentralized finance protocol\u2019s flash loan exploit prevention methodology, Value DeFi appears to have been the victim of a $6 million flash loan exploit.\u00a0 At roughly 10:45 AM EST, a user took out a flashloan of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":111611,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2020-11\/ef4f4937-3a69-4c1b-aa88-f105390a0ec6.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74868,74891,74882,77595],"class_list":["post-111610","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-defi","tag-ethereum","tag-hacks","tag-lending"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/111610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=111610"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/111610\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/111611"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=111610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=111610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=111610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}