Value DeFi protocol hacker flooded with sob stories after returning $95K Dai

Published at: Nov. 16, 2020

On Nov. 14, an unknown party exploited flash loans via the decentralized finance protocol Value DeFi to the tune of $5.4 million. A number of individuals have received a portion of their stolen funds back, however, after pleading with the hacker using input data on the Ethereum blockchain.

According to data from Etherscan, the hacker sent $95,000 in Dai back to two of the victims who posted messages accessible in the Ethereum block explorer’s input data on Sunday.

“I lost $100,000 in your attack,” said one victim who claimed to be a nurse. “These are all my savings. I hope you can return it to me.”

“My grandparents and my parents sent me their life savings for high yield return that I boasted about,” said another, stating he was a 19-year-old student living in the United Kingdom who had lost $200,000. “I will be grateful if you can send the funds back and I will return them to my family.”

While the hacker did transfer 50,000 Dai to the nurse and 45,000 Dai to the 19-year-old, they had a message for both of them. The hacker inferred that their attack was a "tough love" lesson for investors:

“I don’t expect to get your money, but as we have seen, there are so many people here who lack knowledge and caution, and sooner or later those money will be lost. Some wounds are painful, but very effective.”

In the time since these messages were posted, many affected users have likewise sent small transactions with messages attached, requesting that the hacker make them whole again. At the time of publication, there have since yesterday been no outgoing transactions from the address associated with the exploit.

According to a post-mortem report from Value DeFi published on Sunday, the exploit began when a user took out a flash loan of 80,000 Ether (ETH) — roughly $37 million at the time of publication — from lending protocol Aave in addition to buying 116 million Dai and 31 million Tether (USDT). The attacker then swapped 25 million Dai for the protocol’s dollar stablecoin mvUSD, 91 million DAI for USD Coin (USDC), and 31 million USDT for 17 million USDC. Each swap was designed to exploit the pricing used by Value’s vault withdrawal method.

The protocol has stated it will be creating a compensation fund for affected users and has reached out to the hacker in a transaction of its own in an attempt to “accelerate the process.” Etherscan records show that Value DeFi offered a $1 million bounty for the hacker to return $5.4 million in Dai. There has been no response or outgoing transactions from the hacker in the time since, however.

“All teams within this space are pioneering very risky technology that is by nature lacking the benefit of time for rigorous analysis and testing,” stated Value DeFi. “No matter if your funds are deployed in Value DeFi Protocol or any other DeFi projects, there is always an element of risk when it comes to smart contracts and increasingly complex deployments.”

The value of the $VALUE token is $2.02 at the time of publication, having fallen more than 26% since its pre-exploit price of $2.74 on Saturday.

Tags
Related Posts
Poly Network hacker returns nearly all funds, refuses $500K white hat bounty
The hacker behind a $610 million attack on the cross-chain decentralized finance (DeFi) protocol Poly Network has returned almost all of the stolen funds amid the project saying their actions constituted “white hat behavior.” According to a Thursday update on the attack from Poly Network, all of the $610 million in funds taken in an exploit that used "a vulnerability between contract calls” have now been transferred to a multisig wallet controlled by the project and the hacker. The only remaining tokens are the roughly $33 million in Tether (USDT), which were frozen immediately following news of the attack. The …
Business / Aug. 12, 2021
The aftermath of Axie Infinity’s $650M Ronin Bridge hack
In late March, Ronin, an Ethereum sidechain built for the popular play-to-earn nonfungible token game Axie Infinity, was hacked for over 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) for a combined value of over $600 million. The breach on the Ronin bridge was confirmed by Sky Mavis, the developers behind the popular play-to-earn (P2E) game: There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP — Ronin (@Ronin_Network) March 29, 2022 The official report from the company noted that the hackers managed to get access to private keys to validator nodes resulting in the compromise of five validator …
Blockchain / April 12, 2022
Kyber Network offers bounty following $265K hack of decentralized exchange
KyberSwap, the decentralized exchange built on liquidity protocol Kyber Network, has offered a hacker 15% of the funds from a $265,000 exploit as a bug bounty. In a Thursday blog post, Kyber Network said a hacker had used a frontend exploit to pilfer roughly $265,000 worth of user funds from KyberSwap. The protocol said it will compensate all users for any missing funds related to the exploit, and directly addressed the hacker to give them an opportunity to return the funds in exchange for “a conversation with our team” and 15% of what was taken — roughly $40,000. “We know …
Business / Sept. 2, 2022
Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers
Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea. The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen. Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks …
Blockchain / Feb. 15, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023