Another DeFi protocol lost $40 million to hacker