Thursday’s multimillion-dollar decentralized finance breach resulted in the theft of around $13.5 million. DEUS Finance DAO was impacted this time.
Deus Finance, a DeFi platform, acknowledged reports that an attacker stole millions of dollars through an unlawful means.
CertiK and PeckShield, two blockchain security startups, reported that Deus Finance was the victim of a “flash loan attack.”
Suggested Reading | Telegram Rolls Out Crypto Payment Via Chat
The @DeusDao was exploited today in https://t.co/USKNHhXeid with ~$13.4M gain for the hacker (The protocol loss may be larger).
— PeckShield Inc. (@peckshield) April 28, 2022
Flash loans, which were pioneered by the early Ethereum DeFi project Aave, allow DeFi users to borrow an unlimited amount of funds without giving collateral as long as the loan is repaid in the same transaction.
DEUS Hack Could Be Bigger
According to PeckShield, the attacker stole around $13.4 million in cryptocurrencies, but the platform’s true losses may be bigger. CertiK estimated the loss to be 5,446 ETH, or approximately $15.7 million.
Blockchain data show the attacker borrowed $143 million in a flash loan and purchased 9.5 million DEI, Deus Finance’s stablecoin pegged to the US dollar.
Additionally, the data indicated that the hacker moved the funds to Tornado Cash, a cryptocurrency mixer that enables users to conceal the source of payments.
Crypto total market cap at $1.78 trillion on the daily chart | Source: TradingView.com
This acquisition increased the price of DEI, enabling the attacker to repay the flash loan and earn almost $13 million.
According to the announcement from PeckShield:
“The hack is made possible by the modification of the price oracle that reads from the StableVW AMM – USDC/DEI pair via flash loans… The pool is subsequently drained using the inflated price of collateral DEI.”
The Money Is Safe, DEUS Says
Deus stated that it has halted lending of the exploited DEI tokens in reaction to the situation. I t also stated that “user funds are secure” and that additional information would be provided later.
“Please be assured that all user funds are secure and that no users’ accounts have been liquidated. The developers are presently examining the entire nature of the incident and will provide additional facts soon,” the project’s creators said on Telegram.
Suggested Reading | McLaren Turbocharges Into The Metaverse, Rolls Out MSO LAB
This was not Deus Finance’s first security breach. Last month, the protocol also lost $3 million to a flash loan hack. The event fueled discussion about flash loans and the possible threat they pose to DeFi systems.
DEUS prices have fallen 16.5 percent in the last 24 hours, according to CoinGecko data. The majority of these losses occurred following the public disclosure of the exploit. By the time of publication, Deus had not responded to a request for comment.
Featured image from CryptoPotato, chart from TradingView.com
Source: https://bitcoinist.com/hacker-steals-13-million-in-deus-finance-exploit/