Value DeFi, a decentralized finance yield aggregating protocol, was exploited early Saturday morning for $7.4 million in DAI.
The attacker executed a flash loan attack, borrowing 80,000 ETH from the Aave protocol. Flash loans allow users to borrow funds instantly, so long as they are returned within one transaction block, meaning users can take advantage of uncollateralized loans. As part of the exploit, the attacker returned $2 million to Value DeFi and kept $5.4 million for themselves, according to available network data.
Additionally, the attacker left a cheeky message for the Value DeFi team, stating: "do you really know flashloan?" — a reference to Value DeFi's Friday tweet claiming it has flash loan attack prevention.
The Value DeFi team later confirmed in a tweet that it had encountered "a complex attack that resulted in a net loss of $6M."
"We are currently working on a postmortem and are exploring ways to mitigate the impact on our users," the tweet continued.