Deus Finance DAO DeFi protocol has been hacked again. According to PeckShield, the attacker withdrew approximately $13.4 million worth of assets from smart contracts, but the project itself “could have lost more”.

This @DeusDao exploited today at https://t.co/USKNHhXeid with ~$13.4 million in earnings for the hacker (Protocol loss could be greater).

— Peck Shield Inc. (@peckshield) April 28, 2022

In March 2022, an unknown person withdrew about $3 million from the protocol, including 200,000 DAI and 1,101.8 ETH. To do this, he used instant credit – the assets thus obtained allowed the hacker to manipulate the oracle, which set the price on the USDC/DEI pair.

Analysts say a similar attack vector was used on April 28.

3/ As an example, we use the hack tx and show the following basic steps: pic.twitter.com/JyhgYpBmoB

— Peck Shield Inc. (@peckshield) April 28, 2022

“The hack was made possible by manipulating a price oracle that reads data from the USDC/DEI pair with instant credit. The manipulated DEI collateral price was then used to borrow and drain the pool. Sound familiar? ”, – wrote on PeckShield.

The company stated that it took the hacker’s 800 ETH (~$2.31 million) to launch the attack. He deposited funds through the Tornado Cash mixer and sent them to the Fantom network using the Multichain cross-chain protocol. The attacker converted the stolen assets back into Ethereum.

4/ Initial funds (~800 ETH) required to start the hack were withdrawn from: @TornadoNakit and tunneled through to the Phantom @MultichainOrg. Stolen funds are tunneled back @ethereum and stay on the hacker’s account https://t.co/crqRXRVuRw. pic.twitter.com/eaa8j5lxtK

— Peck Shield Inc. (@peckshield) April 28, 2022

According to CoinGecko, the event caused the algorithmic stablecoin DEI to briefly lose its peg against the US dollar. Currently, the price of the asset has dropped to $0.95.

The Deus Finance DAO team has confirmed the attack. The developers reported that user funds are safe, their positions are not liquidated. Lending with DEI has been suspended, stablecoin’s pegging to the dollar has been restored.

The development team is working on the DEI case.

1. User funds are safe. No users were purged.
2. DEI loans are temporarily suspended.
3. $DEI peg has been restored.

More details will follow.

— DEUS Finance DAO (@DeusDao) April 28, 2022

Against the background of the attack, the prices of the native token of the DEUS protocol fell by almost 16%. At the time of this writing, the asset is trading around 510 FTM (~$504).

Recall that in April, the Beanstalk Farms stablecoin protocol, based on Ethereum, lost more than $181 million in cryptocurrencies as a result of a hack.