Deus DAO suffers another flash loan exploit, loses over $16M

Deus Finance DAO has suffered another exploit and lost $13.4 million worth of ETH to a hacker less than a month after being hacked in a similar flash loan attack for roughly $3 million.

Deus DAO lost over $16 million to the two attacks

Blockchain security company PeckShield first reported the exploit claiming that although the hacker gained around $13.4 million, the protocol might have lost more.

According to PeckShield, the hacker used a flash loan to manipulate the price oracle and inflate the value of DEI. Then the hacker used the inflated DEI as collateral to borrow and drain the protocol. The exploit in March was achieved using the same method.

The hacker initially withdrew 800 ETH from Tornado Cash to imitate the exploit, sending the funds through Multichain into Fantom. After stealing the funds, the hacker paid the flash loan and sent the proceeds to his wallet.

It now appears that the hacker has moved most of the proceeds from the wallet, as only 0.85 ETH was in the wallet as of press time.

Deus team response

In its initial response, Deus Finance DAO has called for calm after revealing that its team was working on it. The protocol claimed that all user funds were safe and no user was liquidated due to the exploit. 

The multichain decentralized derivatives platform also stated that the $DEI peg is restored and that it will provide more updates soon.

Its founder, the pseudonymous lafachief, disagreed with how PeckShield described the exploit.

He added that protocol uses “Muon Oracles not onchain,” and the hacker “was able to manipulate VWAP prices of Muon.” He continued that the attacker “basically “faking” swap of ~2M USDC to 100k DEI” and “manipulated the Muon VWAP price with it.”

Lossless DeFi, a crypto hack mitigation tool, also offered to help Deus catch the hacker if it was willing to cooperate.

However, some users are concerned about the platform’s security, considering that the same exploit had happened twice in less than a month.

Symbiosis

Source: https://cryptoslate.com/deus-dao-suffers-another-flash-loan-exploit-loses-over-16m/