The decentralized finance app Value lost $ 5.4 million.
The attacker used a flash loan of 80,000 ETH on the Bitcoin Machine scam platform.
It is the third protocol victim of this type of attack after Harvest Finance and Akropolis.
The decentralized finance application (DeFi) called „Value“ lost $ 5.4 million in a complex attack on Saturday, November 14. It is the third protocol victim of a Flash Loan attack after Harvest and Akropolis.
Not really a hack
This assault on Value can not really be considered a hack since the attack mixes exploitation of protocol flaws and arbitration technique .
The attacker used a flash loan by borrowing 80,000 ETH on the decentralized lending platform Aave. Indeed, flash loans allow users to borrow funds without collateral, because the user must repay the entire loan at the time of contracting it. In other words, the borrower must contract, use and repay the funds in a single transaction.
We can visualize below all the operations performed by the attacker:
Thus, the attacker combined 16 operations to achieve a profit of 5.4 million dollars. The latter combined two flash loans and made several arbitrations between the DAI and the USDC after depositing the funds on the Value protocol.
Harvest, Akropolis and now Value
Flash loan attacks have become relatively common in the last month since the decentralized finance protocols Harvest Finance
and Akropolis suffered losses of $ 24 million and $ 2 million respectively.
In a tweet, Stani Kulechov, CEO of Aave, explained that “building resilient DeFi applications becomes difficult. „