Value DeFi exploited for $6 million with 2 flash loans from Aave and Uniswap

Last Updated on 15 November 2020 by CryptoTips.eu

The DeFi sector continues to suffer from security breaches with the latest affecting Lending protocol Value DeFi. It is believed that the DeFi protocol fell victim to a flash loan exploit which resulted in the loss of $6 million.

The flash loan attack on Value DeFi came after the protocol had Tweeted a now-deleted tweet that its protocol was safe from flash loan attacks. A flash loan is a feature on DeFi whereby users can borrow funds from a pool without the requirements of collateral and payback within the same transaction. 

Complex Flash Loan Attack

The unknown attacker utilized a complex process to steal the funds from Value DeFi using an elaborate scheme. Firstly, he took a flash loan from popular lending protocol Aave worth around 80,000 ETH. After which he proceeded to secure $116 million worth of DAI from popular decentralized exchange UniSwap.

After concluding this process the hacker swapped the ETH from the flash loans into stablecoins before depositing part of the DAI into Value DeFi stablecoin vault. 

He continued with his attack by exchanging a series of swaps involving USDC, USDT and DAI with the purpose of exploiting the pricing utilized by Value DeFi vault’s withdrawal method.

Using this scheme the attacker was able to withdraw about $6.5 million worth of DAI from Value Defi Pool. His activities can be seen here on etherscan

Following the success of the exploit attack, the attacker signed a transaction with the following words:

do you really know flashloan?

This was in reference to the earlier tweet from Value DeFi claiming that their platform was secure from flash loans. 

Value DeFi acknowledged the exploit and revealed in a tweet what their plans are.

Value Liquidity price dumps following exploit

As expected the value of Value DeFi has dipped since the attack with the protocol down 22% in the past 24 hours. Its native token Value is currently priced at $2.08 down from its initial price of $2.73 recorded before the exploit attack.

This latest attack on Value Defi caps a tumultuous few weeks for the crypto landscape which featured a recent attack on Akropolis protocol. The DeFi sector continues to be vulnerable to attacks due to its novel nature and lack of proper auditing by DeFi protocols. Earlier we saw the Eminence hack and Harvest Finance hack.