Hacker pulled more than $13M from Deus Finance DAO DeFi protocol
April 28, 2022
0
Deus Finance DAO DeFi protocol has been hacked again. According to PeckShield, the attacker withdrew approximately $13.4 million worth of assets from smart contracts, but the project itself
Deus Finance DAO DeFi protocol has been hacked again. According to PeckShield, the attacker withdrew approximately $13.4 million worth of assets from smart contracts, but the project itself “could have lost more”.
This @DeusDao exploited today at https://t.co/USKNHhXeid with ~$13.4 million in earnings for the hacker (Protocol loss could be greater).
In March 2022, an unknown person withdrew about $3 million from the protocol, including 200,000 DAI and 1,101.8 ETH. To do this, he used instant credit – the assets thus obtained allowed the hacker to manipulate the oracle, which set the price on the USDC/DEI pair.
Analysts say a similar attack vector was used on April 28.
“The hack was made possible by manipulating a price oracle that reads data from the USDC/DEI pair with instant credit. The manipulated DEI collateral price was then used to borrow and drain the pool. Sound familiar? ”, – wrote on PeckShield.
The company stated that it took the hacker’s 800 ETH (~$2.31 million) to launch the attack. He deposited funds through the Tornado Cash mixer and sent them to the Fantom network using the Multichain cross-chain protocol. The attacker converted the stolen assets back into Ethereum.
4/ Initial funds (~800 ETH) required to start the hack were withdrawn from: @TornadoNakit and tunneled through to the Phantom @MultichainOrg. Stolen funds are tunneled back @ethereum and stay on the hacker’s account https://t.co/crqRXRVuRw. pic.twitter.com/eaa8j5lxtK
According to CoinGecko, the event caused the algorithmic stablecoin DEI to briefly lose its peg against the US dollar. Currently, the price of the asset has dropped to $0.95.
The Deus Finance DAO team has confirmed the attack. The developers reported that user funds are safe, their positions are not liquidated. Lending with DEI has been suspended, stablecoin’s pegging to the dollar has been restored.
The development team is working on the DEI case.
1. User funds are safe. No users were purged. 2. DEI loans are temporarily suspended. 3. $DEI peg has been restored.
Against the background of the attack, the prices of the native token of the DEUS protocol fell by almost 16%. At the time of this writing, the asset is trading around 510 FTM (~$504).
Hourly DEUS/FTM chart of SpiritSwap exchange. Data: DEX Tracker.
Recall that in April, the Beanstalk Farms stablecoin protocol, based on Ethereum, lost more than $181 million in cryptocurrencies as a result of a hack.
I’m Sandra Torres, a passionate journalist and content creator. My specialty lies in covering the latest gadgets, trends and tech news for Div Bracket. With over 5 years of experience as a professional writer, I have built up an impressive portfolio of published works that showcase my expertise in this field.