This one is upsetting. Yesterday, decentralized finance protocol Value DeFi tweeted that it is “very excited with our most recent innovation, the MultiStables Vault, and we strive to ensure your funds are always SAFU with our vaults.” Lots of emojis, lots of pride in one’s work.
Then today: “The MultiStables vault was the subject of a complex attack that resulted in a net loss of $6M. We are currently working on a postmortem and are exploring ways to mitigate the impact on our users.”
The Telegram group, before Decrypt was banned, was a mixture of distress and anxiety. The usual: some community members still in a daze from the attack, and others rushing to put out the FUD—Fear Uncertainty and Doubt. The Discord chat is currently a mess.
It appears as though the attack was down to a flash loan. The attacker took out a flash loan to affect the prices of tokens held within curve finance vaults, then bought them for a low price and paid back the loan, netting a profit.
The MultiStables Vault was supposed to have the following advantages: “1) Flash-loan attack prevention 2) Fake-token attack prevention 3) Re-entrance attack prevention.” It turned out to have none of those.
Justin Bebis, the member of Value DeFi’s discord chat who had summed the mood up best, told Decrypt, “The team are a bunch of great guys, the community management was about the best I’ve seen…they hired community members, promoted community artwork, and made fantastic progress every week. I doubt they’ll give up after this but it’s sad to see the community torn apart.”
‘Prod’, Value DeFi’s community manager, told Decrypt, “We won’t be giving up, we will develop a plan and keep pushing forward.”
And then…whoosh, the token’s price falls off a cliff.
A sad day for decentralized finance.