On Thursday, November 12th, the DeFi platform Akropolis, which allows users to earn interest on deposits as well as borrow, was the victim of an exploit that resulted in roughly $2 million in stolen funds. The attacker, who has not been identified yet, was able to exploit Akropolis by taking out flash loans and making use of a flaw within the Akropolis smart contract. The attacker was able to make off with roughly $2 million worth of the stablecoin DAI by draining Akropolis's YCurve and sUSD pools. The stolen funds are currently sitting in a wallet that has already been marked as "the Akropolis hackers wallet".

How it happened

According to Akropolis's post-mortem report:

The hacker created a flash-loan to borrow funds then called SavingsModule.deposit() with fake token (his own contract 0xe2307837524db8961c4541f943598654240bd62f).

During "transferFrom" of this fake token, he executed another deposit with real 800k DAI borrowed from DyDx.

The balance of the pool was actually increased during the first deposit and as a result, our PoolTokens were minted twice. Thus he was able to withdraw almost double the amount.

What's unique about the Akropolis exploit is that, unlike many of the other DeFi projects in the space, Akropolis claims to have been independently audited twice. Regardless, Akropolis Founder and CEO Ana Andrianova says that the two attack vectors exploited to pull off this attack were missed during the audits.

Shortly after the attack took place, Akropolis halted trading in all of its stablecoin pools, informed digital currency exchanges of the exploit, and put its development team and security specialists to work on a patch.

The DeFi death toll rises

Several DeFi exploits have taken place in 2020. According to blockchain analytics firm CipherTrace, DeFi-related thefts and hacks are on the rise while digital currency crime, in general, is declining.
When it comes to DeFi, you must proceed with caution and research thoroughly before investing. The DeFi ecosystem is very new, which means that there are several unexplored attack vectors and bugs waiting to be exploited. To add insult to injury, several DeFi projects do not get their code audited and launch with insecure infrastructure; and, as we see with the Akropolis exploit, even if a project does get its code audited, that does not guarantee that it will be bulletproof.
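The double mint described in the post-mortem quoted above can be modelled in a few lines, with the flawed deposit logic beside two hardened variants. This is an added example, not Akropolis's contract code: the class names, the simplified balance-difference minting rule, and the two mitigations shown (a token allowlist and a reentrancy guard) are assumptions made for illustration.

```python
# Toy model of the double mint from the post-mortem. All names are hypothetical.
class Dai:
    name = "DAI"
    def transfer_from(self, sender, pool, amount):
        pool.balance += amount              # a real transfer raises the pool balance

class FakeToken:
    name = "FAKE"
    def __init__(self, real_token, real_amount):
        self.real_token, self.real_amount = real_token, real_amount
    def transfer_from(self, sender, pool, amount):
        # Moves nothing itself; calls back into the pool in the middle of the transfer.
        pool.deposit(self.real_token, sender, self.real_amount)

class Pool:
    def __init__(self, allowed=None, guard=False):
        self.balance, self.minted = 0, {}
        self.allowed, self.guard, self.entered = allowed, guard, False

    def deposit(self, token, sender, amount):
        if self.allowed is not None and token.name not in self.allowed:
            raise PermissionError("token is not registered with the pool")
        if self.guard and self.entered:
            raise RuntimeError("reentrant deposit")
        self.entered = True
        try:
            before = self.balance
            token.transfer_from(sender, self, amount)   # external call into token code
            gained = self.balance - before              # also counts a nested deposit
            self.minted[sender] = self.minted.get(sender, 0) + gained
        finally:
            self.entered = False

def run(pool):
    """Replay the nested deposit; return (outcome, pool tokens minted, pool balance)."""
    try:
        pool.deposit(FakeToken(Dai(), 800_000), "depositor", 0)
        outcome = "accepted"
    except (PermissionError, RuntimeError) as exc:
        outcome = type(exc).__name__
    return outcome, pool.minted.get("depositor", 0), pool.balance

if __name__ == "__main__":
    print("no checks:  ", run(Pool()))
    print("guard only: ", run(Pool(guard=True)))
    print("allowlist:  ", run(Pool(allowed={"DAI"})))
```

In the unchecked pool, 800,000 of real value produces 1,600,000 pool tokens because the outer call's before/after measurement includes the nested deposit; either check alone rejects the call before anything is minted.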