Value DeFi Hacker Returns $2 Million Out of Goodwill, New Vaults Coming with “Maximum Security & Audit”
“Do you really know flash loans,” is what the hacker of yet another decentralized finance (DeFi) protocol has to say to the yield aggregating pool, Value DeFi. This cheeky message has been in response to Value DeFi’s tweet just a day before the hack claiming it has flash loan attack prevention.
In a “complex attack” on the MultiStables vault of ValueDeFi, the attacker stole roughly $6 million.
On Nov. 14th, at 03:36:30 PM UTC, the hacker performed a flash-loan exploit of 80k ETH on Aave, which involved borrowing 116 million DAI and 31 million USDT.
The attacker returned $2 million out of goodwill, including 50k of 100k from a victim who said she is a nurse and has lost all her savings in the hack. This was the hacker’s response:
The Value DeFi team has since then halted deposits in the MultiStables Vaults and took a snapshot of the depositor balance for the compensation purpose. For this, a compensation fund will be created that will be funded by a combination of the dev fund, insurance fund, and a portion of the fees generated by the protocol.
The team is also proposing changes to the fee structure that involves increasing value performance fees to 20% and receipt from swap fees to 50%.
Future value releases will also remain on audited v1, and v2 will have them only after they are heavily audited.
“We are rolling out the new vaults for UNI LPs as promised, but with some structure changes to ensure maximum security. The new vaults will still use the same vault v1 code that has been running since September and currently under audits by PeckShield,” added the Value DeFi team.
Having fallen 11% after the attack, VALUE is currently trading at $2.09.