DeFi Hacker Steals $13.4M in DEUS Finance Attack

The DEUS team said that user funds were safe. 

DEUS Finance Suffers Flash Loan Exploit 

DEUS Finance DAO is the latest DeFi protocol to suffer a major attack. 

The multi-chain DeFi project, which runs on Ethereum, Fantom, BNB Chain, and a number of other Layer 1 networks, was targeted in a flash loan exploit early Thursday morning. 

On-chain data shows that an attacker leveraged a flash loan to target a DEUS liquidity pool on Fantom. Pioneered by the early Ethereum DeFi project Aave, flash loans give DeFi users the ability to borrow an unlimited amount of capital without providing any collateral as long as they pay back the loan in the same transaction. While flash loans are an example of DeFi innovation, they’ve been controversial due to the prominent role they’ve played in many multi-million dollar hacks. 

This attack follows a similar playbook to many other recent incidents. As blockchain security firm PeckShield noted in a tweet storm, the hacker used the loan to manipulate a price oracle so that they could artificially inflate the price of DEUS’ DEI stablecoin. They then used the DEI as collateral to borrow more capital, and executed a trade for USDC. By the time they paid off the flash loan, they were left with about $13.4 million. 

After executing the flash loan attack, the hacker moved the takings from Fantom to Ethereum and used Tornado Cash, an Ethereum-based privacy-preserving protocol popularly used in DeFi hacks, to siphon the funds to a “clean” address. 

DEUS has since posted an update, saying that user funds are safe and DEI lending has been paused. It also said it will follow up with more details later. After suffering from a $3 million flash loan exploit only last month, it will have some explaining to do. 

Disclosure: At the time of writing, the author of this piece owned ETH, AAVE, FTM, and several other cryptocurrencies.