Share this article
The DEUS team said that user funds were safe.
DEUS Finance Suffers Flash Loan Exploit
DEUS Finance DAO is the latest DeFi protocol to suffer a major attack.
The multi-chain DeFi project, which runs on Ethereum, Fantom, BNB Chain, and a number of other Layer 1 networks, was targeted in a flash loan exploit early Thursday morning.
On-chain data shows that an attacker leveraged a flash loan to target a DEUS liquidity pool on Fantom. Pioneered by the early Ethereum DeFi project Aave, flash loans give DeFi users the ability to borrow an unlimited amount of capital without providing any collateral as long as they pay back the loan in the same transaction. While flash loans are an example of DeFi innovation, they’ve been controversial due to the prominent role they’ve played in many multi-million dollar hacks.
This attack follows a similar playbook to many other recent incidents. As blockchain security firm PeckShield noted in a tweet storm, the hacker used the loan to manipulate a price oracle so that they could artificially inflate the price of DEUS’ DEI stablecoin. They then used the DEI as collateral to borrow more capital, and executed a trade for USDC. By the time they paid off the flash loan, they were left with about $13.4 million.
After executing the flash loan attack, the hacker moved the takings from Fantom to Ethereum and used Tornado Cash, an Ethereum-based privacy-preserving protocol popularly used in DeFi hacks, to siphon the funds to a “clean” address.
DEUS has since posted an update, saying that user funds are safe and DEI lending has been paused. It also said it will follow up with more details later. After suffering from a $3 million flash loan exploit only last month, it will have some explaining to do.
Disclosure: At the time of writing, the author of this piece owned ETH, AAVE, FTM, and several other cryptocurrencies.
Share this article
Bored Ape NFT Thief Steals $2.7M in Instagram Hack
The hacker stole 91 NFTs, including 14 Bored Ape Yacht Club-affiliated NFTs. Bored Ape Yacht Club Instagram Hacked Yet more Bored Ape Yacht Club members have lost their high-value NFTs…
Millions Lost as Solana DeFi App cashio Suffers Hack
The Solana stablecoin protocol cashio has suffered an exploit leading to a complete collapse of its flagship stablecoin, CASH. cashio Hacked for Millions cashio, a stablecoin protocol on Solana, has…
Treasury Sanctions Additional North Korean Wallets Tied to Ronin Hack
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned several North Korean Ethereum wallets tied to a hack of the Ronin blockchain that took place last month. Treasury…