As much as decentralized finance (deFi) is seemingly an attractive “alternative” but a highly “risky” mode of investment, deFi has its pitfalls. Most recently this was discovered in an extremely complex single transaction smart contract.
Several experts agree that a combination of oracles for price feeds (that are seemingly blindly trusted), an admin key with a coordinator, a pooled group of accounts and trusted keys – handling real-world fiat currencies are subject to 24/7 forms of attacks. Combine this with a significant lack of regulation of exchanges, smart contract API expositing exchanges or deFiservices, these become a nightmare.
One of the most recent such “attacks” happened on the bZx market using leveraged borrowing. A detail of this attack is given in the following link. The attacker borrowed close to a million dollars – in ether, – converted it to a stablecoin on a Defi exchange, within a flash second he sold it on another exchange, causing prices to drop across markets. Then the same individual uses the capital to repurchase at the new lower price, and then he repaid the loan and took the profits.