Deus Finance loses over $6M due to security breach on its stablecoin DEI
Decentralized finance (DeFi) protocol Deus Finance has lost over $6 million due to a security breach on its stablecoin DEI (DEI). The hacker exploited a vulnerability in the BNB Smart Chain (BSC) on May 5, according to blockchain security firm PeckShield.
A bot initiated the hack on the BSC, which led to a more than $1.3 million loss. The attacker also targeted the Arbitrum network, with ARB/ETH deployments losing over $5 million. Twitter users claimed the token contract had a basic implementation error as the root cause.
The protocol confirmed the attack, paused all contracts, and burned DEI tokens to prevent further damage. “We are currently in the process of comprehending the actual backing of DEI tokens,” said the Deus team on Twitter, adding that a “comprehensive recovery and redemption plan” will be created after a full analysis of the balances and snapshots.
DEI price drops by 30%
DEI is used as a collateral mechanism for third-party instruments built on the Fantom protocol. Its price dropped 30% over the past 24 hours, data from CoinMarketCap shows. The stablecoin is trading at $0.20 at the time of writing, losing its $0.30 peg. Last year, the stablecoin also lost its $1 peg after the Terra collapse.
Not the first hack for Deus Finance
It is not the first time that Deus Finance has been hacked. The protocol was exploited in March 2022 in a flash-loan attack, resulting in over $3 million in losses in Dai (DAI) and Ether (ETH). At the time, PeckShield revealed the exploiters funneled the stolen funds using the crypto mixer Tornado Cash.
Summary
- Deus Finance has lost over $6 million due to a security breach on its stablecoin DEI
- The hacker exploited a vulnerability in the BNB Smart Chain (BSC) on May 5
- The protocol confirmed the attack, paused all contracts, and burned DEI tokens to prevent further damage
- DEI price dropped 30% following the security incident
- This is not the first time that Deus Finance has been hacked, with a previous hack in March 2022 resulting in over $3 million in losses