$100M Liquidated From Compound Following Flash Loan Exploit

Share Article
In Brief
  • Over $100 million was liquidated from Compound lenders in the latest flash loan “attack.”

  • The flash loan exploit occurred due to an error in the Coinbase oracle data.

  • DeFi protocols remain vulnerable to opportunistic profiteering exploits.

  • promo

    KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption Read now!

The Trust Project is an international consortium of news organizations building standards of transparency.

Lenders on DeFi protocol Compound (COMP) have once again fallen victim to another flash loan exploit, this time to the tune of over $100 million.

Opportunistic profiteering using flash loans have been at the heart of many losses in the DeFi space in 2020.

DAI/USD Peg on Coinbase Malfunctions

According to DeFi lending analytics provider LoanScan, about $103 million has been liquidated from the Compound protocol.

Tweeting on Nov. 26, Julien Bouteloup pointed to massive liquidation volume on Compound due to an error from the Dai (DAI) dollar peg data supplied by the Coinbase oracle.

Data from TradingView shows the DAI-dollar peg on Coinbase climbing to $1.34, a 34% premium on the actual value of the stablecoin. An inspection of the DAI price across the market shows the issue occurred only on Coinbase.

Coinbase DAI/USDC peg data from Tradingview

In all, the DAI peg deviation reportedly lasted between 7:45 AM (UTC) and 8:55 PM (UTC). At the height of the problem, DAI remained at $1.34 on Coinbase for a full four minutes.

Due to the incorrect price feed from the Coinbase oracle, some Compound users became under-collateralized. Based on the baked-in protocol rules, this meant a forced liquidation of their positions.

With numerous flash loan arbitrage bots scouring the market for such opportunities, it’s perhaps unsurprising that some entities benefitted from the situation. The third-largest COMP farmer was reportedly one of the affected users, losing about $49 million in the process.

Details of the Compound Attack

Commenting on the loss, DeFi trader Sam Priestley identified the victim as a leveraged COMP farmer who failed to keep his DAI and USDC stash in separate wallets.

Thus, the liquidator was able to take the DAI balance to offset the debt occasioned by the under-collateralized loan while earning a cool $3.7 million from the token swap process.

In summary, the attacker took a 46 million DAI flash loan and swapped the same for 2.4 billion cDAI. Converting the 2.4 billion cDAI yielded 46.2 million DAI.

The attacker then repaid the flash loan of 46 million DAI and was left with 170.9 million cDAI which is equivalent to $3.5 million in profits. In another tweet by Alex Svanevik, the CEO of on-chain data analytics outfit Nansen, one other COMP farmer lost $17.5 million in the exploit.

Earlier in November, the Origin Dollar project lost about $7 million in another flash loan “attack.” Entities continue to leverage vulnerabilities in contract codes, liquidity pools, and even oracle data to score millions of dollars from DeFi platforms.

Indeed, Thursday’s Compound flash loan exploit highlights the dangers of relying on centralized price oracles.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Osato is a reporter at BeInCrypto and Bitcoin believer based in Lagos, Nigeria. When not immersed in the daily happenings in the crypto scene, he can be found watching historical documentaries or trying to beat his Scrabble high score.

Follow Author

KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption      

Read now

KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption

Read now

Olympus, a P2E NFT Game Similar to Clash Royale, Is Making Headlines

Read Now