How $150m in Ethereum & DAI was used to steal $7m from a competitor

Published on by Cryptoslate | Published on

Once again, the exploit took place on a competitor of Yearn.

Here's more about what happened, and what DeFi users can do to prevent their funds from being attacked moving forward.

On Saturday morning, users began to take notice of a large Ethereum transaction that involved Aave, Curve, Uniswap, and YF Value.

In total, $7.5 million worth of DAI was drained from Value, though $2 million was returned to the protocol by the pseudonymous attacker.

Although unfortunate for depositors, literal hours before the attack, Value called itself the "Most secured and advanced piece of technology in the DeFi space," claiming its developers accounted for well-known flaws in Ethereum smart contracts.

10 Hours Later:- Flash loan attacked for $7 million pic.

The exploit of Value comes after similar attacks took place with Akropolis and with Harvest Finance.

At the core of many of these exploits and potential attack vectors are the lack of proper oracle integrations.

An oracle is software that supplies data outside a system to that system; in DeFi, oracles are most often used by protocols that need to know the price of a cryptocurrency.

"Honest" oracles use a variety of metrics, such as using an index or taking a snapshot, to mitigate the risk of price manipulation attacks.