Growth DeFi gToken Manipulation
Flash-loan manipulation of gToken/stkToken pricing in Growth DeFi's yield strategy let an attacker extract ~$1.3M of reserves at skewed rates ('The Big Combo').
- Date
- Victim
- Growth DeFi
- Status
- Funds Stolen
In February 2021, Growth DeFi lost approximately $1.3 million ("The Big Combo") when an attacker used a flash loan to manipulate the gToken/stkToken pricing in its yield strategy, extracting protocol reserves at skewed rates.
What happened
Growth DeFi's gToken strategy priced operations from manipulable pool state. A flash loan distorted it; the attacker cycled deposits/withdrawals at the bad rate for ~$1.3M.
Why it matters
Growth DeFi is an early-2021 flash-loan strategy-token manipulation — same class as Yearn yDAI, xToken, Value DeFi. Its catalogue function is purely as one more dot on the densest line in the dataset, reinforcing the single most-repeated lesson by sheer weight of recurrence: never derive strategy/vault economics from a price an attacker can move in the same transaction. Known since Feb 2020; violated continuously since.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-growth-defi-hack-february-2021
- [02]rekt.newshttps://rekt.news/the-big-combo