Cryptocurrency [loss] $56,000

"Aave hacked via periphery contract — $56K stolen from 'tip jar'"

2024-08-28 [vendor] "Peripheral" Aave smart contract [chain] ethereum, polygon, avalanche
Financial Loss $56,000 (56,000 USD)
Blockchain(s) Ethereum, Polygon, Avalanche

Incident Details

The popular DeFi lending platform Aave suffered a smart contract exploit that allowed an attacker to steal around $56,000. A smart contract outside of the core Aave protocol, which is used to allow people to use existing collateral to repay their loans, had gradually accrued a balance of tokens left over from slippage. These small leftover token amounts are sometimes called “dust”. Altogether, these tokens amounted to around $70,000 across several blockchain networks. An exploiter was able to take advantage of an arbitrary call error that allowed them to steal funds from these various contracts, amounting to around $56,000. Various people associated with Aave emphasized that there was no risk to user funds or flaw in the core Aave protocol, and one described the hack as “raiding the tip jar”.

Total loss estimated at $56,000.

Technical Details

Initial Attack Vector
Smart contract vulnerability exploit
Vendor / Product
"Peripheral" Aave smart contract

Timeline

  1. 2024-08-28 Breach occurred
  2. 2024-08-28 Publicly disclosed