Deus Finance Exploited for $13.4M in Flash Loan Attack

  • Blockchain security firm PeckShield noted the attacker used a $143 million flash loan to inflate the price of DEI, allowing him to steal $13.4 million from Deus Finance.
  • This is the second time in two months that a malicious entity has used a flash loan exploit to manipulate the price of digital assets on the DeFi platform.

Decentralized finance (DeFi) protocol Deus Finance DAO has suffered a flash loan exploit for the second time in two months, blockchain security firm PeckShield said on Twitter on 28 April.

According to the company, the attacker used a flash loan — which requires the borrower to return the sum in the same transaction — to trick the protocol’s smart contracts at around 2:40 AM UTC, allowing him to get away with about $13.4 million. The blockchain security firm also noted that the total losses for Deus Finance could be much higher than what the hacker stole.

PeckShield further explained that the attacker used a $143 million flash loan on the Fantom blockchain to artificially inflate the price of DEI — the cross-chain platform’s governing token — which was then used as collateral to borrow more funds. The additional capital was then sold for USDC, with the attacker repaying his flash loan all in the same transaction. The funds were then moved from Fantom to Ethereum, where they were laundered through Tornado Cash, a mixing protocol used to obfuscate transactions on the Ethereum network.
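
The following Python model is an added example, not code from PeckShield or Deus Finance. It shows why valuing collateral at a same-transaction spot price is fragile: one trade the size of the $143 million loan moves a constant-product pool's price, while a time-weighted reference with a deviation check refuses the valuation. The pool model, reserves, 80% loan-to-value, 5% threshold and all function names are assumptions; the page does not describe how Deus priced DEI.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product (x*y=k) DEI/USDC pool. Assumed model, constructed reserves."""
    dei: float
    usdc: float

    def spot_price(self) -> float:
        return self.usdc / self.dei

    def buy_dei(self, usdc_in: float) -> float:
        """Swap USDC for DEI, keeping dei*usdc constant (fees ignored)."""
        k = self.dei * self.usdc
        self.usdc += usdc_in
        dei_out = self.dei - k / self.usdc
        self.dei -= dei_out
        return dei_out

def twap(observations):
    """Time-weighted average price over (price, seconds_held) pairs."""
    return sum(p * s for p, s in observations) / sum(s for _, s in observations)

def guarded_price(spot, reference, max_deviation=0.05):
    """Value collateral at the reference; refuse if spot has diverged from it."""
    if abs(spot - reference) / reference > max_deviation:
        raise ValueError("spot diverges from TWAP: pause borrowing")
    return reference

def borrow_limit(collateral_dei, price, ltv=0.8):
    return collateral_dei * price * ltv

def simulate(trade_usdc=143_000_000, collateral_dei=1_000_000):
    pool = Pool(dei=10_000_000, usdc=10_000_000)   # constructed: price starts at 1.0
    history = [(pool.spot_price(), 1800)]          # 30 minutes at the honest price
    pool.buy_dei(trade_usdc)                       # one trade the size of the loan
    spot = pool.spot_price()
    history.append((spot, 0))                      # same-transaction price: zero weight
    reference = twap(history)
    naive = borrow_limit(collateral_dei, spot)     # weak: trusts the in-transaction spot
    try:
        guarded = borrow_limit(collateral_dei, guarded_price(spot, reference))
    except ValueError:
        guarded = 0.0                              # hardened: borrowing is refused
    return {"spot": spot, "twap": reference, "naive": naive, "guarded": guarded}

if __name__ == "__main__":
    print(simulate())
```

With the defaults, the naive valuation lets 1,000,000 DEI back roughly $187 million of borrowing, while the guarded path pauses; a small trade that stays inside the threshold still borrows at the reference price.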

In response to the attack, Deus Finance tweeted that it had temporarily halted DEI lending, and that the DEI peg was restored. The team behind the project also stated that user funds were safe, and that it would release more details at a later date. Back in March, Deus Finance experienced a similar incident — where an attacker used a flash loan to manipulate the price of DAI — which saw a hacker steal $3 million from the project.
