DeFi Yield Farming Aggregator ApeRocket Suffers $1.26M Flash Loan Attack

15 July 2021

ApeRocket, a decentralized finance (DeFi) yield farming aggregator, has suffered two flash loan attacks costing users $1.26 million.

  • The attacks occurred on ApeRocket's Binance Smart Chain and its Polygon fork within a few hours of each other on Wednesday, according to a blog announcement.
  • The two exploits were carried out in Aave and PancakeSwap and amounted to a combined $1.26 million.
  • In both cases, substantial funds were borrowed in AAVE and CAKE, meaning the hacker held over 99% of the funds in the two protocol's vaults. Large amounts of money were then sent to the vault contract leading to the minting of a high number of tokens, which the hacker then dumped.
  • The price of ApeRocket's SPACE token crashed by around 63% as a result. No further SPACE tokens will be minted in the meantime while ApeRocket sets about compensating investors for the incident.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.