Deus Finance, a decentralized finance application, has been the latest protocol to suffer a hack. Blockchain security firm PeckShield revealed the exploit, noting that the hacker(s) stole $13.4 million from the Fantom integration of the multi-chain protocol.
Deus Finance suffers second hack in two months
In a thread on Twitter, PeckShield explained how the exploit was carried out. The hacker used a flash loan-assisted manipulation to alter the prices of Dues’ two native dollar-pegged stablecoin token DEI.
The price oracle of the protocols USDC/DEI pair pool was compromised, allowing the hacker to use the manipulated price of the token as collateral to borrow from and drain the pool.
2/ The hack is made possible due to the flashloan-assisted manipulation of price oracle that reads from the StableV1 AMM – USDC/DEI pair. The manipulated price of collateral DEI is then used to borrow and drain the pool. Sounds familiar?https://t.co/3uk44CXo78 pic.twitter.com/ng2BYPPOiY
— PeckShield Inc. (@peckshield) April 28, 2022
Trending Stories
The hacker’s original funding for the loan, approximately 800 ETH, was transferred from Tornado Cash and tunneled to a Fantom wallet address through Multichain. Following the successful hack, the funds have been tunneled back to an Ethereum wallet address.
While the hacker’s profit amounted to $13.4 million, PeckShield warns that Deus’ losses may be even more. Deus Finance, meanwhile, suffered a very similar hack in March where the hacker stole $3million.
Following the latest hack, DEUS, the governance token of the protocol, saw a price drop. The token is down around 7.35% in the last 24 hours, trading at $564 per data from CryptoRank.
Hacks raise questions about the security of crypto platforms recorded
The credibility and security of blockchain technology continue to be put in doubt due to rampant hacks. So far in 2022, malicious actors have stolen over $1.5 billion from blockchain-based platforms according to data from SlowMist.
Of the around 100 reported hack events the platform recorded this year, the Axie Infinity Ronin network $625 million hack was the biggest to date. The exploit also takes the record for the highest loss in the industry’s history.
While comfort is not very common for investors who lose their assets in such exploits, Sky Mavis, the parent company of the play-to-earn protocol has promised to refund all users that suffered losses.