TLDR: A DeFi lending protocol on Arbitrum lost $12M after attackers manipulated its price oracle using a flash loan attack. The exploit involved artificially inflating collateral token prices to borrow against inflated positions.
Attack Details:
- Flash loan of 50,000 ETH from Aave
- Price manipulation via low-liquidity DEX pool
- Collateral value inflated 10x temporarily
- Borrowed maximum against inflated collateral
- Repaid flash loan, kept profit
The protocol is working with on-chain sleuths to trace funds.