Hackers use identical exploit to steal another $13.4 Million from DeFi protocol on Fantom

Saif Naqvi
Just four months into 2022, the number of crypto-related hacks has rocketed, and investors and developers need to be more cautious than ever. Less than 24 hours ago, a DeFi protocol running on the Fantom network was reportedly hacked for $13.4 Million. Distressingly, hackers had used an identical tactic in March to steal $3 Million from the same protocol.

Deus Finance, a DeFi protocol running on Fantom which allows developers to create financial services, has been compromised for $13.4 Million, according to blockchain security firm PeckShield. A thread detailing the attack showed that hackers used a flash loan to briefly compromise prices on a liquidity pool consisting of stablecoin USDC and native token DEI.

Flash loans allow users to borrow any available amount of assets without putting up any collateral, as long as the liquidity is returned to the protocol within the same transaction, and therefore within a single block.

PeckShield said that the attackers compromised a smart contract to initiate a flash loan of over 143 Million USDC and then swapped the funds for 9.5 Million DEI. DEI is a stablecoin within the Deus ecosystem, pegged 1:1 with the U.S. Dollar. The above swap caused DEI to become more expensive than its standard value.

Taking advantage of the increased price, the attacker placed 71,000 DEI as collateral to bag over 17.2 Million DEI. Once the flash loan was repaid, the attacker managed to pocket $13.4 Million in profits. PeckShield clarified that the protocol loss may even be larger.
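The price distortion described above can be illustrated with a small model, shown next to the check a lending contract can apply before trusting a pool price. This is an added example, not code from Deus Finance or PeckShield: it assumes a fee-free constant-product pool, constructed reserves, a constructed loan-to-value ratio and a reference price standing in for a time-weighted or external feed. Only the 143 Million USDC swap and the 71,000 DEI collateral are taken from the figures above.

```python
from dataclasses import dataclass

MAX_LTV = 0.8         # constructed loan-to-value ratio
MAX_DEVIATION = 0.02  # guard tolerates 2% drift from the reference price

@dataclass
class Pool:
    """Fee-free constant-product USDC/DEI pool (assumed model)."""
    usdc: float
    dei: float

    def spot_price(self) -> float:
        """USDC per DEI implied by the current reserves."""
        return self.usdc / self.dei

    def swap_usdc_for_dei(self, usdc_in: float) -> float:
        """Apply x * y = k and return the DEI paid out."""
        k = self.usdc * self.dei
        new_usdc = self.usdc + usdc_in
        new_dei = k / new_usdc
        dei_out = self.dei - new_dei
        self.usdc, self.dei = new_usdc, new_dei
        return dei_out

def borrow_limit_spot(pool: Pool, collateral_dei: float) -> float:
    """Weak valuation: trusts whatever the pool says right now."""
    return collateral_dei * pool.spot_price() * MAX_LTV

def borrow_limit_guarded(pool: Pool, collateral_dei: float,
                         reference_price: float) -> float:
    """Hardened valuation: refuse if spot strays from the reference."""
    spot = pool.spot_price()
    if abs(spot - reference_price) / reference_price > MAX_DEVIATION:
        raise ValueError("spot price deviates from reference price")
    return collateral_dei * reference_price * MAX_LTV

def demo():
    pool = Pool(usdc=10_000_000, dei=10_000_000)  # constructed reserves
    reference = pool.spot_price()                 # 1.0, the intended peg
    before = borrow_limit_spot(pool, 71_000)
    pool.swap_usdc_for_dei(143_000_000)           # flash-loan-sized swap
    after = borrow_limit_spot(pool, 71_000)
    try:
        borrow_limit_guarded(pool, 71_000, reference)
        rejected = False
    except ValueError:
        rejected = True
    return before, after, rejected
```

With these constructed reserves the same 71,000 DEI is valued more than 200 times higher after the swap under the spot-price rule, while the guarded rule refuses to value it at all.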

Hacker scurries to move funds

With the help of Etherscan, PeckShield identified the hacker’s main address but could not intervene in the transfer of funds. Etherscan showed that the hacker had already transferred the bulk of the winnings using Tornado Cash. The transfers occurred slightly over 2 hours before press time, and only $2,513 in Ether was left in the account.

Fool me once… Fool me twice…

Deus Finance was the victim of a similar attack in March, when hackers used a flash loan exploit to steal $3 Million from the protocol. At the time, DEUS terminated the affected contracts and said its developers were working on a post-mortem report. With the current loss far exceeding the earlier amount, developers would surely look to reinforce the network against such attempts.

Advancements in the crypto sphere this year have been marred by a growing number of hacks and theft-related scandals. According to the REKT database, hackers have already stolen a massive $1.2 Billion worth of funds in the first quarter of 2022. Axie Infinity’s Ronin Bridge and Solana’s Wormhole were the worst-hit protocols during the period.