Deus Finance Exploited for $13.4M in Flash Loan Attack

  • Blockchain security firm PeckShield noted the attacker used a $143 million flash loan to inflate the price of DEI, allowing him to steal $13.4 million from Deus Finance.
  • This is the second time in two months that a malicious entity had used a flash loan exploit to manipulate the price of digital assets on the DeFi platform.
exploit

Shutterstock

Decentralized finance (DeFi) protocol Deus Finance DAO has suffered a flash loan exploit for the second time in two months, blockchain security firm PeckShield said on Twitter on 28 April.

According to the company, the attacker used a flash loan — which requires the borrower to return the sum in the same transaction — to trick the protocol’s smart contracts at around 2:40 AM UTC, allowing him to get away with about $13.4 million. The blockchain security firm also noted that the total losses for Deus Finance could be much higher then what the hacker stole.

PeckShield further explained that the attacker used a $143 million flash loan on the Fantom blockchain to artificially inflate the price of DEI — the cross-chain platform’s governing token — which was then used as collateral to borrow more funds. The additional capital was then sold for USDC, with the attacker repaying his flash loan all in the same transaction. The funds were then moved from Fantom to Ethereum, where they were laundered through Tornado Cash, a mixing protocol used to obfuscate transactions on the Ethereum network.

In response to the attack, Deus Finance tweeted that it had temporarily halted DEI lending, and that the DEI peg was restored. The team behind the project also stated that user funds were safe, and that it would release more details on a later date. Back in March, Deus Finance experienced a similar incident — where an attacker used a flash loan to manipulate the price of DAI — which saw a hacker steal $3 million from the project.

Discussion
Related Coverage
Korean Authorities Reportedly Make First Arrest in Terra Case
  • The head of Terraform Labs’ general business operations has reportedly been arrested under accusations of market manipulation and fraud.
  • The CEO of the company, Do Kwon, was issued on order to return his passport in 14 days, after which it will be invalidated.
  • October 6, 2022, 12:19 PM
    arrest

    Shutterstock

    Tether Ordered to Provide Documents Connected to USDT Backing
    • The stablecoin issuer was order to produce a number of financial documents, as well as records of crypto trades, transfers, and its accounts with crypto exchanges.
    • The order was made as part of a case that was started in 2019 by a group of investors, who alleged the company had manipulated the crypto market in 2017.
    Gibraltar to Combat Crypto Market Manipulation With New Rules
    • The legislation will implement new standards for crypto market integrity in Gibraltar, designed to combat insider trading and market manipulation in the sector.
    • DLT providers will now be required to seek out and prevent insider trading, and the publication of misleading information aimed at manipulating the crypto market.