According to a report from blockchain security firm PeckShield, DEUS Finance, a Fantom-based decentralized derivatives technology, was once again attacked, this time losing roughly $13.4 million in a flash loan assault. The network’s loss might be far greater than the hacker’s profit of $13.4 million, according to reports.
— PeckShield Inc. (@peckshield) April 28, 2022
PeckShield came to Twitter to elaborate on the most recent DeFi assault. The hacker used a flashloan-assisted price oracle that “reads from the StableV1 AMM – USDC/DEI pair” in it, which is a familiar route.
According to on-chain data, the exploit was carried out using a flash loan at around 2:40 AM UTC by an unknown perpetrator. Loans taken out with the demand that the borrowed amount be repaid in the same activity are known as flash loans. Smart contracts enable these things to happen.
The attacker made a profit of $13.4 million due to the artificially inflated value of the stablecoin, even though the flash loan for 17.2 million DEI was returned. Simply put, the hacker used Deus smart contracts’ ability to extract data from the network’s funding sources for harmful purposes. As a result, according to CoinGecko, the price of Deus has dropped 16 percent in the previous 24 hours at the time of writing.
What Was Stolen
The protocol’s governance token, DEUS, as well as a stablecoin, DEI, were both compromised by the vulnerability. The protocol was allegedly manipulated via a flash loan-assisted pricing oracle, according to PeckShield. The hacker rigged DEI prices to borrow and deplete the liquidity pool, which was made feasible by a liquidity pool comprised of two stablecoins — USD Coin (USDC) and DEI.
To carry out the assault, the hacker took out about 800 ETH from Tornado Cash and used Multichain to connect to Fantom. According to the hacker’s current address, the stolen money was traded for Ether and restored to Tornado Cash. This isn’t the first time Deus Finance had a security vulnerability. On March 15, the protocol was attacked, resulting in a gain of $3 million for the hacker (the protocol loss might be more), comprising of 1101.8 Ether and 200k DAI.