Deus Finance DAO Suffers Second Exploit in Less Than 60 Days

Updated by Andrew Rossow
In Brief
  • Deus Finance DAO was the victim of a flash loan exploit.atastrophic exploit that led to the loss of nearly $13.4 million.
  • The attack led to the loss of approximately $13.4 million.
  • The DeFi project was hit by a similar attack back in March, where hackers made off with over $3 million.
  • promo

    Invest and Seaside Club Will Do the Rest Read Now

Deus Finance DAO is the latest decentralized finance (DeFi) platform to be targeted by hackers. This attack is the second to target the platform within the last 60 days.

On April 28, blockchain security firm PeckShield reported that Deus Finance, a DeFi project leveraging the Fantom blockchain, had been exploited by hackers. The security firm stated that the attack led to the loss of up to $13.4 million with the bulk of stolen assets being Ethereum (ETH).

“The hack is made possible due to the flash loan-assisted manipulation of the price oracle that reads from the StableVW AMM – USDC/DEI pair,” read the PeckShield announcement. “The manipulated price of collateral DEI is then used to borrow and drain the pool.”

Flash loans have earned the reputation of being one of the most common ways to attack DeFi platforms after being used in some of the high-profile attacks of 2022. PeckShield’s preliminary report suggested that flash loan was the main method of attack by the hackers.

A total of 800 ETH ($2.2 million) was used to trigger the hack, which was withdrawn from Tornado Cash and sent to Fantom through the MultiChain. At the end of the attack, the stolen funds were converted to ETH and deposited in the hacker’s account.

The hackers’ wallet address has since been flagged with a warning that reads, “This address is reported to be involved in a flash loan exploit on DeusDao. More to come.”

Not the first time, and probably not the last

In the middle of March, PeckShield reported that Deus Finance had suffered an exploit that led to the loss of $3 million.

“The protocol may be larger, including 200 DAI and 1101.8 ETH,” noted PeckShield. 

The attack in March bears striking similarities with the recent attack as it used the same flash loan-assisted manipulation of price. The funds were first transferred from Tornado Cash and tunneled the same way as April’s attack.

The community expressed disappointment that the protocol was hacked in the same manner twice. Calls have been made to Circle to freeze the $USDC involved in the attack while the community waits for an official response.

“The dev team is working on the DEI situation,” said the Deus Finance team. They claimed on Twitter that user funds are safe and the $DEI peg has been restored, however, DEI lending has been temporarily halted.

Given the spike in the number of exploits in DeFi, projects are turning to bug bounty programs to stem the tide. The services of blockchain security firms are in high demand to scrutinize smart contracts for any potential flaws that could be exploited.

What do you think about this subject? Write to us and tell us!

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.