DeFi’s $ 6 million loophole – Cryptocurrencies


Hackers in the cryptosphere have certainly decreased in 2020, but DeFi now seems to be the preferred target of hackers. This hacker “took” a loan of 80,000 ETH on Value DeFi ($ VALUE). He even allowed himself to publicly taunt the latter.

A $ 6 million loan to a hacker

According to a tweet on November 13, 2020 from Value DeFi, the protocol was reportedly hacked with a loss of $ 6 million.

Value DeFi, which recently praised its performance in terms of security, was allegedly attacked via flash loans.

The alert was issued when a developer of Aave (AAVE), Emilio Frangella, had pointed to a flash loan of 80,000 ETH, valued at approximately $ 36 million, on the loan memorandum.

According to the co-founder of DeFiItaly, Emiliano Bonassi, the hacker would then have obtained an additional loan of 116 million dollars in stablecoins DAI withUniswap.

Bonassi indicates that the hacker exchanged the loan ETH against DAI, then made a deposit of DAI in the multi-stablecoins wallet of Value DeFi.

Finally, he exploited the pricing discrepancies used by the protocol during withdrawals.

Flash loans explained by a hacker

For Emilio Bonassi, this attack is one of the most ingenious he has ever seen and one of the best performances achieved thanks to 2 flash loans.

He added that this hack had similarities to the one that had targeted Harvest Finance.

A press release from the Value DeFi sure Discord claimed that the other pools were functioning normally.

The hacker did not stop at ridiculing the protocol by sending the following message: “Do you really know about flash loans? “

Value DeFi tweeted that it was exploring possible solutions to mitigate the impact of losses on its users.

Following this attack, the price of the token $ VALUE lost 25% of its value from $ 2.73 to $ 2.01.


Cryptoassets are highly volatile unregulated investment products. No EU investor protection. Your capital is at risk.

Did the era of flash hacks begin with the advent of flash loans? The upcoming launch of the Ethereum 2.0 beacon chain may perhaps solve the congestion problems of the ETH network, but DeFi must now get serious about securing the various protocols in the industry. To avoid a loss of $ 6 million – which is highly damaging to the image of a DeFi protocol – you might as well recruit hackers paid at 7 figures per year. We will avoid making fun of ourselves and losing the trust of users – No, a CertiK audit does not protect against an attack.


Related Articles

Back to top button