ApeRocket, a decentralized finance (DeFi) yield farming aggregator, has suffered two flash loan attacks costing users $1.26 million.

• The attacks occurred on ApeRocket’s Binance Smart Chain and its Polygon fork within a few hours of each other on Wednesday, according to a blog announcement.
• The two hacks were carried out in Aave and PancakeSwap and amounted to a combined $1.26 million.
• In both cases, substantial funds were borrowed in AAVE and CAKE, meaning the hacker held over 99% of the funds in the two protocol’s vaults. Large amounts of money were then sent to the vault contract leading to the minting of a high number of tokens, which the hacker then dumped.
• The price of ApeRocket’s SPACE token crashed by around 63% as a result. No further SPACE tokens will be minted in the meantime while ApeRocket sets about compensating investors for the incident.
• Yield farming refers to a process by which individuals can earn interest or rewards on crypto deposits they make with lenders. DeFi apps allow users to make financial transactions without going through a traditional intermediary like a bank.