A shocking amount of $6.9 million has been exploited by hackers from Lodestar Finance, a layer-2 Arbitrum technology lending platform on Saturday. The hacker uses ‘Flash Loan’ to attack where they don’t need to leave collateral to secure the loan.

According to Lodestar, the hacker intentionally inflated the value of PlutusDAO’s plvGLP token before using it to loan the entire liquidity available on the platform. As the collateralization ratio mechanism prevented the plvGLP to be liquidated, the hacker provided a plvGLP collateral and borrowed all the remaining liquidity.

The next day, Lodestar discussed the whole attack on Twitter explaining how the hack went through. They also stated that about 2.8 million GLP has been recovered and will be distributed back to the affected users. Currently, Lodestar is attempting to negotiate a bug bounty with the hacker through DeBank, a multi-chain portfolio tracker. More like a white hat agreement.

On a bad note, due to the attack, Lodestar’s TVL (total value locked) went down from $7 million to $11.06 according to defillama.com. So far, the LODE token had already lost 12% of its value against the dollar in the last 24 hours and has a current value of $0.153906.

In the meantime, the Lodestar team halted the loan and liquidation transactions on the team’s Discord channel. Lodestar’s security breach is quite similar to what happened at Mango Markets where they lost $114 million due to the hackers manipulating the market.