The latest multi-million dollar DeFi hack happened earlier this morning with the attacker stealing about $13.4 million. This time, DEUS Finance DAO was affected.
The DEUS team said that user funds were safe.
DEUS Finance Suffers Flash Loan Exploit
DEUS Finance DAO is the latest DeFi protocol to suffer a major attack.
The multi-chain DeFi project, which runs on Ethereum, Fantom, BNB Chain, and a number of other Layer 1 networks, was targeted in a flash loan exploit early Thursday morning.
On-chain data shows that an attacker leveraged a flash loan to target a DEUS liquidity pool on Fantom. Pioneered by the early Ethereum DeFi project Aave, flash loans give DeFi users the ability to borrow an unlimited amount of capital without providing any collateral as long as they pay back the loan in the same transaction. While flash loans are an example of DeFi innovation, they’ve been controversial due to the prominent role they’ve played in many multi-million dollar hacks.
This attack follows a similar playbook to many other recent incidents. As blockchain security firm PeckShield noted in a tweet storm, the hacker used the loan to manipulate a price oracle so that they could artificially inflate the price of DEUS’ DEI stablecoin. They then used the DEI as collateral to borrow more capital, and executed a trade for USDC. By the time they paid off the flash loan, they were left with about $13.4 million.
After executing the flash loan attack, the hacker moved the takings from Fantom to Ethereum and used Tornado Cash, an Ethereum-based privacy-preserving protocol popularly used in DeFi hacks, to siphon the funds to a “clean” address.
DEUS has since posted an update, saying that user funds are safe and DEI lending has been paused. It also said it will follow up with more details later. After suffering from a $3 million flash loan exploit only last month, it will have some explaining to do.
Disclosure: At the time of writing, the author of this piece owned ETH, AAVE, FTM, and several other cryptocurrencies.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
Bored Ape NFT Thief Steals $2.7M in Instagram Hack
The hacker stole 91 NFTs, including 14 Bored Ape Yacht Club-affiliated NFTs. Bored Ape Yacht Club Instagram Hacked Yet more Bored Ape Yacht Club members have lost their high-value NFTs…
Millions Lost as Solana DeFi App cashio Suffers Hack
The Solana stablecoin protocol cashio has suffered an exploit leading to a complete collapse of its flagship stablecoin, CASH. cashio Hacked for Millions cashio, a stablecoin protocol on Solana, has…
Treasury Sanctions Additional North Korean Wallets Tied to Ronin Hack
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned several North Korean Ethereum wallets tied to a hack of the Ronin blockchain that took place last month. Treasury…