At 23:36 on November 14th, Beijing time, hackers carried out a lightning loan attack on the Value DeFi protocol and lost nearly 7.4 million U.S. dollars in DAI. After stealing the tokens, the hacker also left a message "do you really know flashloan?" to provoke the development team.
One hour later, Value DeFi officially tweeted to confirm: MultiStables vault has been subjected to a complex attack with a net loss of 6 million US dollars. Currently conducting post-mortem analysis and exploring how to reduce the impact on users.
CoinGecko's quotation shows that its VALUE token has fallen since midnight, with the lowest hitting $1.87 and the highest drop reaching 31.75%. It has since rebounded slightly and is now quoted at $2. Value DeFi currently locks a total of 32.8 million US dollars.
coingecko.com
The logic of this incident is similar to the previous Harvest attack. PeckShield sent a shield to analyze the incident and believe that the reason for the success of this attack is that the project code has a loophole in the use of the price prediction machine based on the AMM algorithm.
According to PeckShield analysis, we analyze the transaction based on the attack (0x46a03488247425f845e444b9c10b52ba3c14927c687d38287c0faddc7471150a). The attacker's malicious attack contract is (0x675BD0A0b03096c5ead734cFa00C7620538C7C6F).
Step 1: Obtain 80,000 ETH through Aave Lightning Loan (approximately 36.8 million US dollars at US$460).
Step 2: Get 116 million DAI (Empty Glove White Wolf) in UniswapV2 Lightning Loan. Next, the 0x675B malicious contract will execute the following content.
Step 3: Exchange the 80,000 ETH obtained in step 1 into 31 million USDT on UniswapV2.
Step 4: Deposit 25 million DAI on Vault DeFi and get 24.9 million pooltokens minted by the pool. At this time, the Vault DeFi agreement will mint 24.956 million new 3crv tokens.
Step 5: Change 90 million DAI to 90.28 million USDC on Curve. This step will affect the balance of the 3pool (that is, DAI/USDC/USDT) pool on the Curve, and then raise the price of USDC.
Step 6: Convert 31 million USDT to 17.33 million USDC on Curve. At this point, you can see that the USDC exchange price has a big deviation. After this step is completed, the price of USDC in the 3pool pool on Curve will be further increased.
Step 7: Destroy the previously minted 24.9 million pooltokens on Value DeFi. This part of the pooltokens has redeemed another 33.08 million 3crv (we can know that it is 8.124 million more than the minting. This is because DAI is cheaper, so redeem it 3crv back has increased).
Next, the hacker performed the reverse operation again on Curve, earning approximately 860,000 DAI;
Step 8: Exchange 17.33 million USDC on Curve for 30.94 million USDT.
Step 9: Exchange 90.28 million USDC to 90.92 million DAI on Curve.
Step 10: Destroy 33.08 million 3crv in 3pool to redeem 33.11 million DAI, which is 8.154 million DAI more than the number of tokens at the time of deposit .
Finally, there are the remaining steps: return Aave's flash loan and the tokens in step 2 on UniswapV2.
After this attack, the hacker returned 2 million DAIs to the Value DeFi developer (0x7Be4D5A99c903C437EC77A20CB6d0688cBB73c7f), and retained 5.4 million DAIs.
According to PeckShield monitoring, the funds stolen in this attack are now stored in the wallet 0xa773603b139Ae1c52D05b35796DF3Ee76D8a9A2F. Odaily Planet Daily will continue to follow up on developments.
The original creators article reprint / content partners / seek reports please contact [email protected]; without authorization is forbidden and illegal reserved. Legal reserved.