Value DeFi has been exploited for millions of dollars. 

An unknown attacker drained funds from Value DeFi’s MultiStables vault using a flash loan, an innovation where DeFi users can borrow funds from a pool without providing any collateral, then pay back the loan in the same transaction. 

Value DeFi Suffesr $5.4 Million Loss

In today’s attack, the loan was for 80,000 ETH, worth around $36 million at today’s prices.

In a complex multi-step process that would typically only be possible among more advanced DeFi users, the attacker wound up withdrawing $7.4 million in Dai from the Value DeFi pool.

In something of an audacious move, they also signed one of the transactions with the words, “do you really know flashloan?” Last night, Value DeFi posted a since-deleted tweet discussing “flash loan prevention.”

Before making off with the funds, the attacker decided to return $2 million. 

The attacker’s moves can be viewed on Etherscan here. 

It’s only the latest example of a major flash loan exploit in DeFi. Flash loans have been the subject of much debate in the DeFi community over the last few months, with ongoing discussions over whether such innovations are a good or bad tool in the industry.

While some stand on the “code is law” side of the fence, much of the debate surrounds the ethics of draining pools for millions when regular users stand to lose out from the attacks. 

Value DeFi announced the exploit in its Discord channel earlier today, stating that the team is “currently working on a postmortem and are exploring ways to mitigate the impact on our users.”