The hackers managed to extract the funds from Deus Finance using a flash loans attack. They then laundered the removed funds into Tornado Cash.
The decentralized finance (DeFi) protocol for crypto derivatives, DEUS Finance DAO, faced a hacking attack this Tuesday that left harm valued at USD 3 million.
Security firm PeckShield reported in a tweet that hackers stole nearly $3 million in cryptocurrency from the platform through a flash loan attack. The stolen funds include 200,000 DAI and 1,101 Ethereum (ETH). However, they added that the losses could surpass the estimated amount.
According to reports, the attackers influenced the prices of Deus Finance offerings by applying for a flash loan, a form of unsecured lending widespread in the DeFi space that carries out its activities through smart contracts. PeckShield highlighted that the hackers targeted the DEI loan contract, the project’s stable coin.
Hacker Laundered Profits in Tornado Cash
The criminals manipulated the price oracle through quick loans, a tool that brings price information to the blockchain, which detected the price of DEI, to show that this token had crashed falsely. This action led to the loss of all user funds that brought liquidity to the DEI/USDC pool.
Although the attacker would have paid off the loans, he still managed to make a sizable profit in digital assets. On-chain data demonstrated that more than 3 million USDC, the stable coin pegged 1:1 to the US dollar, got extracted. The tokens got exchanged for 200,000 DAI and 1,101.8 ETH via decentralized exchange Multichain.
After exploiting the platform, the hacker migrated the funds to the private exchange tool, Tornado Cash. This platform masks addresses and makes it challenging to link funds to their perpetrator.
The Deus Finance team discovered the exploit of its loan protocol and reported the situation in a tweet, adding that it has closed its loan agreement for DEI. The protocol also assured that the DEUS and DEI tokens did not receive harm from the attack and said their developers were joining efforts to make a post-mortem report.
The Deus Finance attack, a multi-chain protocol, occurred on the Fantom blockchain. Deus allows developers to create and issue financial instruments on its platform within the DeFi space, such as derivatives or options.
Another Flash Loans Attack
The hack arrived a few days after Fantasm Finance’s case, another Fantom-based DeFinetwork, mined for more than $2.6 million; the protocol got released in early March.
Deus also participates in the long list of DeFi platforms harmed by flash loan attacks. Last year, Binance Smart Chain (BSC)-based platform Cream Finance suffered an extraction valued at more than $150 million in three attacks aimed at its lending contracts; BurgerSwap also lost at least $7 million in another hack last year.
In November, a report released by The Block revealed that flash loans are a favorite mechanism these hackers use to commit crimes. In 2021, the DeFi space experienced an increase in flash loan attacks, with at least 34 out of 70 exploits utilizing this procedure.
The Deus Finance team has advanced plans to restore the victims’ funds; the DEUS token crumbled down close to 40% after the attack got revealed. At press time, DEUS is trading at USD 327 and showing losses of 21% in the last 24 hours.
By: Jenson Nuñez
