DeFi Yield Farming Aggregator ApeRocket Suffers $1.26M 'Flash Loan' Attack

The attacks occurred on ApeRocket's Binance Smart Chain and Polygon networks within a few hours of each other on Wednesday.

Jul 15, 2021 at 3:32 p.m. UTC
Updated Sep 14, 2021 at 1:26 p.m. UTC

ApeRocket, a decentralized finance (DeFi) yield farming aggregator, has suffered two flash loan attacks costing users $1.26 million.

  • The attacks occurred on ApeRocket's Binance Smart Chain and its Polygon fork within a few hours of each other on Wednesday, according to a blog announcement.
  • The two hacks were carried out in Aave and PancakeSwap and amounted to a combined $1.26 million.
  • In both cases, substantial funds were borrowed in AAVE and CAKE, meaning the hacker held over 99% of the funds in the two protocol's vaults. Large amounts of money were then sent to the vault contract leading to the minting of a high number of tokens, which the hacker then dumped.
  • The price of ApeRocket's SPACE token crashed by around 63% as a result. No further SPACE tokens will be minted in the meantime while ApeRocket sets about compensating investors for the incident.
  • Yield farming refers to a process by which individuals can earn interest or rewards on crypto deposits they make with lenders. DeFi apps allow users to make financial transactions without going through a traditional intermediary like a bank.

DISCLOSURE

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.