$3 million in Ethereum and DAI drained in latest DeFi hack

The tech used in the Decentralized Finance [DeFi] space is comparatively novel. As a result, this space has been susceptible to hacks since its inception. Attacks and violations have been taking place on and off. In what is the latest happening, Deus Finance was victimized.

As per PeckShield, Deus Finance was exploited on Tuesday, with the attacker swiping around $3 million in Ethereum and DAI. Per the blockchain security and data analytics company, the protocol loss could be much more.

As such, Deus Finance is a decentralized bilateral OTC derivatives platform that allows customers to build synthetic stocks, trading platforms, and other instruments.

1/ @deusdao Deus Finance was exploited in https://t.co/bfYCQcz5rZ, leading to the gain of ~$3M for the hacker (The protocol loss may be larger), including 200,000 DAI and 1101.8 ETH

— PeckShield Inc. (@peckshield) March 15, 2022

The hack’s postmortem

Per PeckShield, the flash-loan manipulation of a price oracle had led to the hack. The hackers used flash loans to manipulate the contract that determined the price of DEI, one of the two tokens issued by Deus Finance, to falsely show that DEI had collapsed. This led to a loss of funds of the users supplying liquidity to the DEI/USDC pool.

Outlining the steps using the hack transaction, PechShield brought to light that the funds were initially withdrawn from cryptocurrency mixer TornadoCash and tunneled to Fantom via Multichain (previously Anyswap). Their tweet noted,

“The initial funds to launch the hack are withdrawn from @TornadoCash and tunneled to Fantom via @MultichainOrg. The result gains are tunneled via @MultichainOrg and funds are now washed via @TornadoCash.”

As per the blockchain transaction data, 3 million USDC tokens were stolen from Deus which was then exchanged for 200,000 DAI and 1,101.8 Ethereum.

The stamp of confirmation

Deus Finance took Twitter to acknowledge the hack. The team highlighted that the DEI lending contract had been closed, and both DEUS and DEI remain to be unaffected. They also brought to light that developers were working on a summary of the events and all updates would be provided post the assessment.

We are aware of the recent exploit reports regarding the $DEI lending contract.

Contract has been closed, both $DEUS & $DEI are unaffected. Devs are working on a summary of the events, all information will be communicated once we have assessed the full situation.
— DEUS Finance DAO (@DeusDao) March 15, 2022

The side effect of the hack was well-visible on the valuation of the exchange’s native DEUS token. It had attained a new ATH of $446 just yesterday, but at the time of press was down by more than 22% on the daily window.

DEI too had ended up losing 14% of its value in the past 24-hours.

Sigh of relief

Lafayette Tabor, DAO member and voluntary project lead at DEUS Finance, tweeted out a reimbursement notice and highlighted that a contract would be created where users would be able to repay their debt on it and reclaim their liquidated funds. The official handle of DEUS Finance retweeted the same.

$DEUS #HACK

REIMBURSEMENT NOTICE

We will create a contract you will be able to repay your DEBT on it and get your sAMM that were liquidated, we will also implement a feature that lets you swap DEI against a small MUON allocation. (paying from my team allocation)

make it whole!
— µ Lafa µ (@lafachief) March 15, 2022

Hand-Picked Top-Read Stories

Shiba Inu: How High Can SHIB Surge In May 2024?

When Does Walmart Restock Toys?

Cryptocurrency: 3 Top Coins To Buy For 70x Profits This Bull Season

Trending Tags