Hackers have recently targeted Deus Finance DAO, a decentralized finance (DeFi) network. This is the second time the platform has been targeted in the previous 60 days.
PeckShield, a blockchain security business, announced on April 28 that hackers had compromised Deus Finance, a DeFi project based on the Fantom blockchain.
According to the security firm, the incident resulted in a loss of up to $13.4 million, with Ethereum accounting for the majority of the stolen assets (ETH).
The PeckShield release stated, “The hack is made feasible because of the flash loan-assisted manipulation of the price oracle that reads from the StableVW AMM – USDC/DEI pair.” “The pool is then drained by borrowing and draining the falsified price of collateral DEI.”
Deus Finance is not new to hacks
After being employed in some of the most high-profile assaults of 2022, flash loans have gained the reputation of being one of the most popular ways to target DeFi platforms.
According to PeckShield’s early investigation, the hackers’ primary attack mode was a flash loan.
The breach was triggered with a total of 800 ETH ($2.2 million) taken from Tornado Cash and transmitted to Fantom via the MultiChain. The stolen assets were converted to ETH and put in the hacker’s account after the conclusion of the assault.
“This address is alleged to be implicated in a flash loan exploit on DeusDao,” says a warning attached to the hackers’ wallet address. “There will be more.”
PeckShield announced in the middle of March that Deus Finance had been the victim of an exploit that resulted in a $3 million loss.
“The protocol may be bigger,” PeckShield speculated, “with 200 DAI and 1101.8 ETH.”
The March attack was very similar to the previous attack in that it employed the same flash loan-assisted pricing manipulation. The assets were moved from Tornado Cash initially, then tunneled in the same fashion as the April attack.
The community was disappointed that the protocol had been hacked again in the same way. While the community waits for an official reaction, calls have been made to Circle to freeze the $USDC implicated in the incident.