This morning, DEUS Finance DAO was attacked. The hacker managed to steal $13.3 million.
The DEUS Finance DAO is the recent victim of a severe attack on the DeFi protocol. The DeFi project is a multi-chain initiative that runs on Ethereum, Fantom, and various other Layer 1 networks.
As data reveals, an attacker took advantage of a flash loan to target a DEUS liquidity pool on Fantom. People can get flash loans from the early Ethereum DeFi project Aave. If they pay back the loan in the same transaction, they do not need to put down anything of value. Flash loans are a DeFi innovation. However, they have been controversial due to their role in many multi-million dollar hacks.
Diving Into The Hack
There are obvious parallels between this attack and other previous ones. Blockchain security firm PeckShield’s tweet shares the insights of the hack. The hacker utilized the loan to manipulate a pricing oracle in order to artificially increase the price of DEUS’ DEI stablecoin. Afterward, they did a trade for USDC in which they pledged the DEI as collateral for a loan. After paying the loan, they left with around $13.4 million.
Following on, the hacker moved the money from Fantom to Ethereum and used Tornado Cash. Tornado Cash is an Ethereum-based privacy protocol that is used to move the money to a “clean” address.
According to an update from DEUS, user funds are safe. Currently, DEI loans have been put on hold. In addition, the company also said that it would give more information later on. After a $3 million flash loan scam last month, it will have to explain itself.