Another decentralized finance application victim of a “flash loan”

The decentralized finance app Value lost $ 5.4 million.

The attacker used a flash loan of 80,000 ETH on the Aave platform.

It is the third protocol victim of this type of attack after Harvest Finance and Akropolis.

The decentralized finance application (DeFi) called „Value“ lost $ 5.4 million in a complex attack on Saturday, November 14. It is the third protocol victim of a Flash Loan attack after Harvest and Akropolis.

Not really a hack

This assault on Value can not really be considered a hack since the attack mixes exploitation of protocol flaws and arbitration technique .

The attacker used a flash loan by borrowing 80,000 ETH on the decentralized lending platform Aave. Indeed, flash loans allow users to borrow funds without collateral, because the user must repay the entire loan at the time of contracting it. In other words, the borrower must contract, use and repay the funds in a single transaction.

We can visualize below all the operations performed by the attacker:

Thus, the attacker combined 16 operations to achieve a profit of 5.4 million dollars. The latter combined two flash loans and made several arbitrations between the DAI and the USDC after depositing the funds on the Value protocol.

Harvest, Akropolis and now Value

Flash loan attacks have become relatively common in the last month since the decentralized finance protocols Harvest Finance

and Akropolis suffered losses of $ 24 million and $ 2 million respectively.
In a tweet, Stani Kulechov, CEO of Aave, explained that “building resilient DeFi applications becomes difficult. „