According to PeckShield, DeusDao could be one of the victims of the most significant exploit made by hackers recently. It is the world-first decentralized bilateral OTC derivatives platform, allegedly losing $13.7 million in lost funds with possibly more losses.
2/ The hack is made possible due to the flashloan-assisted manipulation of price oracle that reads from the StableV1 AMM – USDC/DEI pair. The manipulated price of collateral DEI is then used to borrow and drain the pool. Sounds familiar?https://t.co/3uk44CXo78 pic.twitter.com/ng2BYPPOiY
— PeckShield Inc. (@peckshield) April 28, 2022
DeusDao was hacked and stole $13.4M from this DeFi platform
The hack was possible thanks to price manipulation through flash loans. By manipulating the oracle price, hackers can borrow and withdraw from the pool while not having to pay the corresponding collateral. As PeckShield suggested, the hacking scheme is not new and has been used in the past to mine other DeFi platforms.
PeckShield also describes four precise steps that allow a hacker or a group of hackers to steal said funds. First, hackers earned 143 million USDC and exchanged them for 9.5 million DEIO using the sAMM-USDC/DEI_USDC_DEI pair, making DEI extremely expensive. With only 71,436 DEI as collateral, the hacker could borrow 17 million DEI thanks to price manipulation and repay the flash loan while leaving $13 million in profit after the hack.
The whole mining could be due to issues in the code that messed up the price oracle function responsible for proper price balancing. Accordingly, the initial 800 ETH used to kick off the hack was withdrawn from the TornadoCash coin mixing solution and then sent to Fantom using multichain.
After the successful hack, funds were sent back to the Ethereum wallet ending in a37cb and then sent to TornadoCash again to include all traces left after another hack. Most likely, this hack is related to one of the hacker groups that have been attacking various DeFi and NFT projects since last month.
This is the second flash loan attack on Deus Finance in the past two months. Previously, on March 15, Deus Finance and two victims, Agave and Hundred Finance, were simultaneously attacked by hackers through flash loans to appropriate assets.
Join us on Telegram
Follow us on Twitter
Follow us on Facebook