The technology used in the decentralized finance (DeFi) space is comparatively novel, and the space has been susceptible to hacks since its inception. Attacks have taken place on and off, and Deus Finance is the latest victim.
As per PeckShield, Deus Finance was exploited on Tuesday, with the attacker swiping around $3 million in Ethereum and DAI. Per the blockchain security and data analytics company, the protocol's loss could be much larger.
Deus Finance is a decentralized bilateral OTC derivatives platform that allows customers to build synthetic stocks, trading platforms, and other instruments.
The hack’s postmortem
Per PeckShield, flash-loan manipulation of a price oracle led to the hack. The hackers used flash loans to manipulate the contract that determined the price of DEI, one of the two tokens issued by Deus Finance, so that it falsely showed that DEI had collapsed. This led to a loss of funds for the users supplying liquidity to the DEI/USDC pool.
Outlining the steps using the hack transaction, PeckShield brought to light that the funds were initially withdrawn from cryptocurrency mixer TornadoCash and tunneled to Fantom via Multichain (previously Anyswap). Their tweet noted,
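The weakness described above can be seen in a small model, added here as an illustration and not taken from Deus Finance's contracts or PeckShield's analysis: a price read directly from pool reserves moves as far as a single swap can push it, while a time-averaged reference with a deviation check flags the reading before it is acted on. The constant-product pool, the reserve and swap sizes, the 600-second window and the 5% threshold are all assumptions chosen for the example.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product DEI/USDC pool (assumed model; reserves are constructed)."""
    dei: float
    usdc: float
    fee: float = 0.003

    def spot_price(self) -> float:
        return self.usdc / self.dei               # USDC per DEI, read from reserves

    def sell_dei(self, amount_in: float) -> float:
        eff = amount_in * (1 - self.fee)          # input after the swap fee
        out = self.usdc * eff / (self.dei + eff)  # x*y=k output amount
        self.dei += amount_in
        self.usdc -= out
        return out

class TwapOracle:
    """Average of one price observation per block over a trailing window (seconds)."""
    def __init__(self, window: int):
        self.window, self.obs = window, []

    def record(self, ts: int, price: float) -> None:
        self.obs.append((ts, price))

    def twap(self, now: int) -> float:
        prices = [p for t, p in self.obs if 0 <= now - t <= self.window]
        if not prices:
            raise ValueError("no observations in window")
        return sum(prices) / len(prices)

def guarded_price(pool: Pool, oracle: TwapOracle, now: int, max_dev: float = 0.05):
    """Return (reference price, flagged); flagged means spot strays > max_dev from TWAP."""
    ref = oracle.twap(now)
    flagged = abs(pool.spot_price() - ref) / ref > max_dev
    return ref, flagged

def simulate(swap_size: float):
    pool = Pool(dei=10_000_000, usdc=10_000_000)  # constructed reserves, price 1.0
    oracle = TwapOracle(window=600)
    for ts in range(0, 600, 60):                  # ten quiet blocks
        oracle.record(ts, pool.spot_price())
    pool.sell_dei(swap_size)                      # one swap inside a single block
    ref, flagged = guarded_price(pool, oracle, now=600)
    return pool.spot_price(), ref, flagged

if __name__ == "__main__":
    print(simulate(20_000_000))  # flash-loan-sized swap: spot collapses, guard flags it
    print(simulate(10_000))      # ordinary trade: spot barely moves, not flagged
```

A lending contract that liquidates on the raw spot reading would treat the first case as a real collapse; one that pauses or falls back to the reference price when the reading is flagged would not.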
“The initial funds to launch the hack are withdrawn from @TornadoCash and tunneled to Fantom via @MultichainOrg. The result gains are tunneled via @MultichainOrg and funds are now washed via @TornadoCash.”
As per the blockchain transaction data, 3 million USDC tokens were stolen from Deus, which were then exchanged for 200,000 DAI and 1,101.8 Ethereum.
The stamp of confirmation
Deus Finance took to Twitter to acknowledge the hack. The team highlighted that the DEI lending contract had been closed, and that both DEUS and DEI remained unaffected. They also said that developers were working on a summary of the events and that all updates would be provided after the assessment.
The side effect of the hack was clearly visible in the valuation of the exchange’s native DEUS token. It had attained a new ATH of $446 just yesterday, but at the time of press was down by more than 22% on the daily window.
DEI too had ended up losing 14% of its value in the past 24 hours.
Sigh of relief
Lafayette Tabor, DAO member and voluntary project lead at DEUS Finance, tweeted out a reimbursement notice and highlighted that a contract would be created where users would be able to repay their debt and reclaim their liquidated funds. The official handle of DEUS Finance retweeted the same.