DeFi derivatives platform Deus Finance suffered an attack leading to the loss of over $3 million worth of cryptocurrencies including 200,000 DAI and 1101.8 ETH tokens. This was revealed by security firm PeckShield while adding that the total losses could be much higher.
Researchers at PeckShield released a series of tweets sharing the details of the exploit. In it, the firm said the attack on Deus Finance occurred on its Fantom network iteration. Attackers employed flash loans to artificially modify the prices on Deus’ offerings.
“Hackers used flash loans to manipulate the contract that determined the price of DEI – one of the two tokens issued by Deus Finance – to falsely show that DEI had collapsed. This led to a loss of all funds of the users supplying liquidity to the DEI/USDC pool,” the firm tweeted.
Further, PeckShield cited Blockchain data showing more than 3 million USDC tokens were stolen from Deus Finance which was exchanged for 200k DAI and 1,101.8 ether [ETH] through decentralized exchange Multichain. The exploited funds were then washed using the crypto mixing tool Tornado, which hides the addresses of the hacker and makes it difficult to trace stolen assets back to their perpetrator.
Deus finance token DEUS plunged by 40%
The hack send prices of Deus’ native DEUS token on a downward spiral, plummeting nearly 40% after reports of the event began to circulate but seemed to recover at the time of writing.
Following the incident, Deus finance confirmed the attack via Twitter announcing that it has shut down affected smart contracts and assured the community that its developers were working on publishing a summary report. Adding that all information will be communicated once the full situation is thoroughly analyzed.
Flash loan attacks are a common threat and enable hackers to steal massive amounts of cryptocurrency with a low risk of exposure. Some of the largest and most expensive flash loan attacks to date include PancakeBunny. In May 2021, a bug in the price calculations for the BUNNY token was hacked allowing the attacker to steal $45 million from the protocol.
A few months prior, the Alpha Finance project was exploited for about $37.5 million in tokens using a malicious contract that the Alpha Homora code was tricked into believing was an internal contract.