- Deus Finance announced that the attackers had made off 3million USDC, with the damage being suspected to be higher than the reported value.
- The CEO of the platform has come out pledging that he will reimburse everyone who was affected by the attack and create a new contract for users to repay their loans.
Yet another decentralized finance (DeFi) platform has fallen victim to an exploit. This time, it’s Deus Finance, a multichain crypto derivatives platform that lost $3 million in DAI and Ether to an attack. According to one cybersecurity firm, the damage could be much higher.
1/ @deusdao Deus Finance was exploited in https://t.co/bfYCQcz5rZ, leading to the gain of ~$3M for the hacker (The protocol loss may be larger), including 200,000 DAI and 1101.8 ETH
— PeckShield Inc. (@peckshield) March 15, 2022
Deus Finance is a DeFi platform that provides the infrastructure upon which others can create financial instruments such as options and futures trading as well as synthetic trading platforms. While it’s deployed on multiple blockchain networks, the attack happened on its Fantom-based protocol.
According to PeckShield, the attackers exploited a price oracle for flash loans which led to the insolvency of users’ funds. They manipulated the price in the pair of StableV1 AMM – USDC/DEI which Deus Finance had used to set a price oracle for its flash loans. The attackers managed to falsely show that DEI had collapsed, leading to the loss of all funds of the users supplying liquidity to DEI liquidity pools.
Blockchain records show that the attackers managed to take off with 3 million USDC tokens, which they exchanged for 1,101 ETH and 200,000 DAI tokens using Multichain, a decentralized exchange that was previously known as Anyswap.
To further obfuscate the path of the funds, they sent them to Tornado Cash, an infamous crypto mixer that has been the subject of regulatory concerns. As CNF reported, Tornado has been processing billions of dollars (over $10 billion last year) for users, with a sizeable amount being directly linked to digital asset crimes such as hacks and ransoms.
Read More: Are Bitcoin mixers illegal? A storm is brewing over Tornado Cash and co. as billions are laundered
The path of the stolen funds, courtesy of PeckShield.
Deus Finance users who lost funds will be reimbursed, the platform’s founder and CEO Lafayette Tabor revealed on Twitter.
We will create a contract you will be able to repay your DEBT on it and get your sAMM that were liquidated, we will also implement a feature that lets you swap DEI against a small MUON allocation. (paying from my team allocation).
The price of DEUS took a hit immediately following the attack but recovered almost instantly. In the past day, DEUS is up 12.35 percent to trade at $398 as it looks to have shrugged off the exploit.