Less than two months later, the multi-chain crypto derivatives protocol again suffered a flash loans attack. The Deus Finance team stated that the funds were safe.
The decentralized finance (DeFi) protocol that brings crypto derivatives, DEUS Finance DAO, suffered an attack on Thursday that extracted at least $13 million. The incident arrives less than two months after another attack that harmed the platform.
According to various media reports, the unknown attacker took advantage of a flash loan, also named a lightning loan, to extract funds from a DEUS Finance liquidity group on the Fantom Network, highlighting data from the chain. Deus Finance is a multi-chain protocol that works on Ethereum, Fantom, BNB Chain, and other Layer 1 networks.
Security firm PeckShield expressed in a tweet that the hacker took out a quick loan to handle the price oracle within a liquidity pool involving a token named DEI, attached to the USDC stable coin.
A Flash Loan Type of Attack
According to CoinDesk, the hack allowed the feature that reads the information in the network’s liquidity pools to get tricked, ultimately allowing the attacker to inflate the cost of some currencies, borrow money, and make a loot after repaying the loan.
The attacker managed to borrow at least $143 million in USDC and used these borrowed funds to trade 9.5 million DEI, the protocol’s native 1:1 US dollar-pegged stable coin. The attacker extracted and owned at least $13.4 million in loot, although the PeckShield researchers determined that the total losses from the protocol could reach a higher amount.
A flash loan is a famous method of unsecured lending in the Defi environment that operates through smart contracts. Users must take this flash loan and repay it during the same operation, or the intelligent agreement reverses the financial activity as if the loan did not exist.
According to The Block, the attacker sent the extracted funds from Fantom to Ethereum, from where he then migrated it into Tornado Cash, a mixing protocol applied to obfuscate Ethereum operations linked to transactions. In this way, he sent the money to a “clean” address, one unidentified and not connected to the criminal procedure.
This Type of Attack Has Happened Before
Shortly after the exploit got disclosed, the DEUS Finance DAO team highlighted in a tweet that it was working on the situation and had paused the lending of DEI tokens. He also stated that user funds remain safe and promised to reveal further details about the incident.
This event was not the first security breach for Deus Finance. The protocol also lost at least $3 million in another attack that took control of a flash loan last month. Flash loans have become a procedure frequently used by cybercriminals to steal money from DeFi platforms.
Meanwhile, DEUS, the governance token on the platform, dropped more than 5% in price. According to data collected by CoinMarketCap, the cost of DEUS plummeted from $604 to $492 after the incident became known. At press time, the token appears to be recovering slightly and is trading around $580.
By: Jenson Nuñez
