Multi-token decentralized finance (DeFi) marketplace Deus Finance has become the latest victim of an exploit resulting in over $3 million losses in the Dai (DAI) and Ether (ETH).
DeFi analytic firm PeckShield took to Twitter to explain the cause and manner in which the funds were exploited. The hackers behind the attack managed to exploit and manipulate a price oracle for flash loans, resulting in the insolvency of users’ funds.
— PeckShield Inc. (@peckshield) March 15, 2022
The hackers manipulated the price from the pair of StableV1 AMM – USDC/DEI, which the protocol used to set a price oracle for its flash loans.
PeckShield revealed that hackers managed to steal 200,000 DAI and 1101.8 ETH, and the total amount of stolen funds could be larger than the early estimates of $3 million.
The hacker behind the attack then funneled the stolen funds using the coin mixer tool Tornado cash via the Multichain Protocol (previously known as AnySwap).
Deus Finance acknowledged the exploit on its lending protocol and claimed it has closed its DEI lending contract. The DeFi protocol also claimed that both DEUS and DEI are unaffected by the exploit.
We are aware of the recent exploit reports regarding the $DEI lending contract.
— DEUS Finance DAO (@DeusDao) March 15, 2022
Deus Finance provides DeFi infrastructure to help others create financial instruments including synthetic stock trading platforms, options and futures trading.
Lafayette Tabor, the CEO of Deus Protocol, took to Twitter to inform the community about the reimbursement plans. He said that the developers would create a new contract where affected users would be able to repay their loans. He explained:
“We will create a contract you will be able to repay your DEBT on it and get your sAMM that were liquidated, we will also implement a feature that lets you swap DEI against a small MUON allocation. (paying from my team allocation).”