After a Twitter thread on Friday that marked Value DeFi, the method of preventing flash loan exploitation of the decentralized financing protocol, appears to have been the victim of a $ 6 million flash loan.

At approximately 10:45 a.m. EST, a user took out a flash loan of 80,000 ETH (over $ 36 million) from Aave lending protocol. Aave developer Emilio Frangella immediately drew attention to the loan:

The attacker then used the money to trade a flash arbitration attack, targeting Value DeFi’s multi-stablecoin vault. The attacker deposited money in the safe, arbitrated the money between DAI and USDC and left with a multi-million dollar payday.

At 11:05 a.m., a statement in community Discord acknowledged the exploit:

We are aware of the current situation with the MultiStables safe. Please give us some time to check. All other vaults and pools are operating normally.

Shortly after the exploit, the attacker followed up with an Ethereum transaction that appeared to mock the Value DeFi protocol with a message sent to the protocol implementer address:

“do you really know flash loan?”

The attacker paid $ .31 in ETH of his winnings to send the message.

At 12:12 PM, the protocol said in a statement on Twitter that they were preparing a post-mortem about the exploit, which they say resulted in a loss of $ 6 million to users:

Since the attack, the value of the $ VALUE token has fallen by more than 25%, from 2.73 to 2.01 at the time of going to press.

This exploit is just the latest in what has been a troubling week in the DeFi space which also mentioned an attack on the Acropolis protocol. In a tweet Aave’s Stani Kulechov said the exploit is a sign of growing attack vectors:

“Building resilient DeFi will be difficult.”