
At 23:36 on November 14th, Beijing time, hackers launched a flash loan attack on the Value DeFi protocol, which lost nearly $7.4 million in DAI. After stealing the tokens, the hacker left the message “do you really know flashloan?” to taunt the development team.
An hour later, Value DeFi officially tweeted to confirm that the MultiStables vault had suffered a complex attack, with a net loss of $6 million. A post-mortem analysis is underway, and the team is exploring how to mitigate the impact on users.
This event and previous Harvest
According to PeckShield's analysis, we examine the transaction that initiated the attack (0x46a03488247425f845e444b9c10b52ba3c14927c687d38287c0faddc7471150a). The attacker's malicious contract is (0x675BD0A0b03096c5ead734cFa00C7620538C7C6F).
Step 1: Obtain 80,000 ETH (approximately US$36.8 million at US$4.60) through an Aave flash loan.
Step 2: Obtain 116 million DAI through a UniswapV2 flash loan (getting something for nothing). Next, the 0x675B malicious contract executes the following.
Step 3: Exchange the 80,000 ETH obtained in Step 1 for 31 million USDT on UniswapV2.
Step 4: Deposit 25 million DAI into Value DeFi and receive 24.9 million pool tokens minted by the pool. At this point, the Value DeFi protocol mints 24.956 million new 3crv tokens.
Step 5: Exchange 90 million DAI for 90.28 million USDC on Curve. This step will affect the balance of the 3pool (that is, DAI/USDC/USDT) pool on Curve, thereby raising the price of USDC.
Step 6: Exchange 31 million USDT for 17.33 million USDC on Curve. At this time, you can see that the USDC exchange price has already deviated greatly. After completing this step, the price of USDC in the 3pool pool on Curve will be further increased.
Step 7: Burn the previously minted 24.9 million pool tokens on Value DeFi, which redeems 33.08 million 3crv (8.124 million more than was minted; because DAI is now cheaper, the amount of 3crv returned on redemption has increased).
Next, the hacker operated in reverse again on Curve, earning about 860,000 DAI:
Step 8: Exchange 17.33 million USDC back to 30.94 million USDT on Curve.
Step 9: Exchange 90.28 million USDC back to 90.92 million DAI on Curve.
Step 10: Burn 33.08 million 3crv in 3pool to redeem 33.11 million DAI, a full 8.154 million more DAI than the number of tokens at the time of deposit.
Finally, the remaining steps: repay the Aave flash loan and return the tokens from Step 2 to UniswapV2.
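For monitoring, the shape of Steps 4 to 7 can be checked mechanically. The sketch below is an added example, not PeckShield's or Value DeFi's code; the `Event` schema, the function name, the 10% skew threshold and the assumption that the vault prices from Curve are all hypothetical, and the trace is constructed from the article's figures (in millions of tokens).

```python
from typing import NamedTuple

class Event(NamedTuple):       # hypothetical schema for one decoded call
    step: int                  # step number from the article
    kind: str                  # flash_loan | swap | vault_deposit | vault_withdraw
    venue: str
    amount_in: float           # millions of tokens given up
    amount_out: float          # millions received (3crv for vault events)

# Constructed from the article's Steps 1-9; not decoded on-chain data.
TRACE = [
    Event(1, "flash_loan", "Aave", 0, 0.08),                # 80,000 ETH
    Event(2, "flash_loan", "UniswapV2", 0, 116),            # DAI
    Event(3, "swap", "UniswapV2", 0.08, 31),                # ETH -> USDT
    Event(4, "vault_deposit", "Value DeFi", 25, 24.956),    # DAI in, 3crv minted
    Event(5, "swap", "Curve", 90, 90.28),                   # DAI -> USDC
    Event(6, "swap", "Curve", 31, 17.33),                   # USDT -> USDC
    Event(7, "vault_withdraw", "Value DeFi", 24.9, 33.08),  # pool tokens burned, 3crv out
    Event(8, "swap", "Curve", 17.33, 30.94),                # USDC -> USDT
    Event(9, "swap", "Curve", 90.28, 90.92),                # USDC -> DAI
]

def find_vault_roundtrips(trace, pricing_venue="Curve", max_skew=0.10):
    """Flag flash-loan-funded deposit/withdraw pairs that bracket a skewed swap."""
    findings = []
    if not any(e.kind == "flash_loan" for e in trace):
        return findings
    deposits = [e for e in trace if e.kind == "vault_deposit"]
    withdrawals = [e for e in trace if e.kind == "vault_withdraw"]
    for dep in deposits:
        for wd in withdrawals:
            if wd.venue != dep.venue or wd.step <= dep.step:
                continue
            # Stablecoin swaps should trade near 1:1; a large gap means the pool
            # the vault prices from was pushed off balance between the two calls.
            skewed = [e.step for e in trace
                      if e.kind == "swap" and e.venue == pricing_venue
                      and dep.step < e.step < wd.step
                      and abs(e.amount_out / e.amount_in - 1) > max_skew]
            excess = round(wd.amount_out - dep.amount_out, 3)
            if skewed and excess > 0:
                findings.append({"vault": dep.venue, "deposit_step": dep.step,
                                 "withdraw_step": wd.step, "skewed_swaps": skewed,
                                 "excess_3crv": excess})
    return findings

if __name__ == "__main__":
    print(find_vault_roundtrips(TRACE))
```

On the constructed trace this flags the Step 4 / Step 7 pair, names Step 6 as the skewed swap, and reports the same 8.124 million 3crv excess given in Step 7.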
After this attack, the hacker returned 2 million DAI to the Value DeFi developer (0x7Be4D5A99c903C437EC77A20CB6d0688cBB73c7f), and kept 5.4 million DAI for himself.
According to PeckShield monitoring, the funds stolen in this attack are now stored in the wallet 0xa773603b139Ae1c52D05b35796DF3Ee76D8a9A2F. Odaily will continue to follow developments.