See More

$100M Liquidated From Compound Following Flash Loan Exploit

2 mins
Updated by Ryan Smith
Join our Trading Community on Telegram

In Brief

  • Over $100 million was liquidated from Compound lenders in the latest flash loan “attack.”
  • The flash loan exploit occurred due to an error in the Coinbase oracle data.
  • DeFi protocols remain vulnerable to opportunistic profiteering exploits.
  • promo

Lenders on DeFi protocol Compound (COMP) have once again fallen victim to another flash loan exploit, this time to the tune of over $100 million.

Opportunistic profiteering using flash loans have been at the heart of many losses in the DeFi space in 2020.

DAI/USD Peg on Coinbase Malfunctions

According to DeFi lending analytics provider LoanScan, about $103 million has been liquidated from the Compound protocol.

Tweeting on Nov. 26, Julien Bouteloup pointed to massive liquidation volume on Compound due to an error from the Dai (DAI) dollar peg data supplied by the Coinbase oracle.

Data from TradingView shows the DAI-dollar peg on Coinbase climbing to $1.34, a 34% premium on the actual value of the stablecoin. An inspection of the DAI price across the market shows the issue occurred only on Coinbase.

Compound
Coinbase DAI/USDC peg data from Tradingview

In all, the DAI peg deviation reportedly lasted between 7:45 AM (UTC) and 8:55 PM (UTC). At the height of the problem, DAI remained at $1.34 on Coinbase for a full four minutes.

Due to the incorrect price feed from the Coinbase oracle, some Compound users became under-collateralized. Based on the baked-in protocol rules, this meant a forced liquidation of their positions.

With numerous flash loan arbitrage bots scouring the market for such opportunities, it’s perhaps unsurprising that some entities benefitted from the situation. The third-largest COMP farmer was reportedly one of the affected users, losing about $49 million in the process.

Details of the Compound Attack

Commenting on the loss, DeFi trader Sam Priestley identified the victim as a leveraged COMP farmer who failed to keep his DAI and USDC stash in separate wallets.

Thus, the liquidator was able to take the DAI balance to offset the debt occasioned by the under-collateralized loan while earning a cool $3.7 million from the token swap process.

In summary, the attacker took a 46 million DAI flash loan and swapped the same for 2.4 billion cDAI. Converting the 2.4 billion cDAI yielded 46.2 million DAI.

The attacker then repaid the flash loan of 46 million DAI and was left with 170.9 million cDAI which is equivalent to $3.5 million in profits. In another tweet by Alex Svanevik, the CEO of on-chain data analytics outfit Nansen, one other COMP farmer lost $17.5 million in the exploit.

Earlier in November, the Origin Dollar project lost about $7 million in another flash loan “attack.” Entities continue to leverage vulnerabilities in contract codes, liquidity pools, and even oracle data to score millions of dollars from DeFi platforms.

Indeed, Thursday’s Compound flash loan exploit highlights the dangers of relying on centralized price oracles.

Top crypto platforms in the US | March 2024
Coinbase Coinbase Explore →
AlgosOne AlgosOne Explore →
Chain GPT Chain GPT Explore →
iTrustCapital iTrustCapital Explore →

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

30447638d231af33211543e8e3b505c0?s=120&d=mm&r=g
Osato Avan-Nomayo
Osato is a reporter at BeInCrypto and Bitcoin believer based in Lagos, Nigeria. When not immersed in the daily happenings in the crypto scene, he can be found watching historical documentaries or trying to beat his Scrabble high score.
READ FULL BIO
Sponsored
Sponsored