Deus Finance exploit: Hackers get away with $3M worth of DAI and Ether

Multi-token decentralized finance (DeFi) marketplace Deus Finance has become the latest victim of an exploit resulting in over $3 million losses in DAI and Ether (ETH).

DeFi analytic firm PeckShield took to Twitter to explain the cause and manner in which the funds were exploited. The hackers behind the attack managed to exploit and manipulate price oracle for flash loans, resulting in the insolvency of users’ funds.

1/ @deusdao Deus Finance was exploited in https://t.co/bfYCQcz5rZ, leading to the gain of ~$3M for the hacker (The protocol loss may be larger), including 200,000 DAI and 1101.8 ETH

— PeckShield Inc. (@peckshield) March 15, 2022

The hackers manipulated the price from the pair of StableV1 AMM - USDC/DEI, using which the protocol used to set price oracle for its flash loans.

PeckShield revealed that hackers managed to steal 200,000 DAI and 1101.8 ETH, and the total amount of stolen funds could be larger than the early estimates of $3 million.

The hacker behind the attack then funneled the stolen funds using the coin mixer tool Tornado cash via Multichain protocol (previously known as AnySwap).

Related: Altcoin Roundup: DeFi token prices are down, but utility is on the rise

Deus Finance acknowledged the exploit on its lending protocol and claimed it has closed its $DEI lending contract. The DeFi protocol also claimed that both $DEUS and $DEI are unaffected by the exploit.

We are aware of the recent exploit reports regarding the $DEI lending contract.Contract has been closed, both $DEUS & $DEI are unaffected. Devs are working on a summary of the events, all information will be communicated once we have assessed the full situation.

— DEUS Finance DAO (@DeusDao) March 15, 2022

Deus Finance provides DeFi infrastructure to help others create financial instruments including synthetic stock trading platforms, options and futures trading.

Lafayette Tabor, the CEO of Deus Protocol took to Twitter to inform the community about the reimbursement plans. He said that the developers would create a new contract where affected users would be able to repay their loans. He explained:

“We will create a contract you will be able to repay your DEBT on it and get your sAMM that were liquidated, we will also implement a feature that lets you swap DEI against a small MUON allocation. (paying from my team allocation).”
THORSwap relaunches cross-chain trading on four of five networks   Oct. 12, 2021
THORChain loses up to $7.6M in ‘Chaosnet’ exploit, offers hacker a bounty to return funds   July 16, 2021
The aftermath of Axie Infinity’s $650M Ronin Bridge hack   April 12, 2022
Another depeg — Acala trace report reveals 3B aUSD erroneously minted   Aug. 17, 2022
Almost $1M in crypto stolen from vanity address exploit   Sept. 26, 2022