A flashloan attack has hit Wault Finance, a decentralised finance project on Binance Smart Chain and Polygon with US$335 million total value locked (TVL) in its protocol.

The attack involved WUSD, the project’s just-released “commerce-backed” stablecoin that’s backed by a mix of 90 per cent Tether and 10 per cent of Wault’s WEX token.

The attacker used flashloans — uncollaterialised blockchain loans that are borrowed and repaid in the same transaction — to carry out the arbitrage attack.

According to an account by security firm Inspex, the attacker used a complex series of flashloans and tokens swaps to profit. In essence, they seemed to have minted millions in WUSD, used those funds to buy WEX to pump the price, causing WEX to triple in value. They then redeemed the WUSD at that inflated rate and they dumped the WEX for an instant US$800,000 profit.

Wault Finance described it as a “some kind of very clever flash loan attack”.

All of the WEX that was wrapped up in the WUSD contract was drained, meaning that tokenholders in the stablecoin are out 10 per cent.

However Wault Finance was pledging to use US$150 million in its treasury and other means to fill the gap and restore the WUSD token’s collateral.

The price of Wault’s WEX token plunged from US1.5c to US0.6c as word of the attack spread.

“Will there be rewards for the injured?” one user asked in Wault’s Telegram chat. “‘Cause it’s f***king disgusting how it happened, it wasn’t a normal market pullback.”

Some users of Alpaca Finance, a platform where people could take leveraged positions involving Wault Finance’s tokens, were reporting being liquidated.

Wault had launched WUSD at 2am AEST today  and the attack occurred less than 10 hours later, at 11.49am AEST. Over US$10 million in WUSD had been minted in the first few hours of the launch, Wault tweeted before the attack.

A chart from Poocoin shows the flash loan attack pumping the price of WEX and the subsequent crash.