Although developers abandoned the Atlantis Loans defi lending project in early April due to “financial difficulties”, as a self-executing defi protocol it has continued to chug along rather like a zombie. As the developers wrote when they abandoned the project, “Atlantis Loans as a protocol is fully decentralized and the only way to make changes or turn things off will have to be done through the governance.“Evidently, few people continued to pay much attention to the project, because an exploiter was able to come along and perform a governance attack targeting the users who still had active smart contract approvals with the defunct project. They published and voted on a proposal to allow them to upgrade the smart contract in such a way that they could then take advantage of the approvals to transfer the tokens to their own wallet address. Ultimately they made off with around assets notionally worth around $1.1 million.

Total loss estimated at $1,100,000.