DeFi Exchange Hacker Returns Stolen Funds to ‘Nurse’ After $6m Attack

beincrypto.com 2020-11-16 11:21

Over the weekend, an abnormal transaction caught the attention of multiple crypto analysts.

In the incident in question, an anonymous user took out flash loans of 80,000 ETH from Aave, plus $116 million in flash loans from Uniswap.

They then used the funds to manipulate the price of stablecoins on Curve to withdraw around $6 million from Value DeFi, a yield aggregator protocol.

One whitehat hacker described this series of maneuvers as the most complicated exploit they’d ever seen. Once the dust settled, the attacker returned a significant chunk of the total to the deployer address for the Value DeFi protocol. Such returns have become a pattern for DeFi attackers, seemingly an act of pity or consolation for exploited users.

Value DeFi Exploiter Address – Etherscan

For its part, Value confirmed the attack, tweeting, “The MultiStables vault was the subject of a complex attack that resulted in a net loss of $6M.”

Later, the Value team published a full post mortem stating that it “deeply regrets this latest incident” and that it was lining up a compensation plan for victims funded by “a combination of the dev fund, insurance fund and a portion of the fees generated by the protocol.”

Given the large sum stolen, the attack affected many of Value’s users. Some even resorted to contacting the attacker by embedding messages in Ethereum transactions.

One user claiming to be a nurse said that they had invested their life savings, or close to $100,000, into the protocol hoping to earn a yield, and begged the attacker to return the funds.

Many observers on Twitter instantly questioned this user’s authenticity, citing their use of English and the unlikelihood of their gender and profession.

Perhaps surprisingly, the DeFi attacker responded by donating $50,000 worth of stablecoins to the user. Value’s developers have also reportedly tried to contact the attacker to negotiate the further return of funds; at press time, there is no word on whether these attempts have been successful.