DeFi Platform ‘Deus Finance’ Exploited for $3 Million

Fantom-based DEUS Finance has suffered a flash loan exploit when hackers made off with an estimated US$3 million and washed it through Tornado Cash. Luckily, affected DEI holders will be reimbursed.

Hackers Use Flash Loan Attack

According to a tweet from blockchain security firm PeckShield, hackers used a flash loan attack to destabilise the DEI, the other token issued by DEUS Finance:

Hackers set the flash loan to target the price oracle responsible for the price of DEI, making it think the DEI had collapsed. This resulted in a loss of all funds that were held in the DEI/USDC liquidity pool.

An estimated US$3 million was stolen and exchanged for 200,000 DAI and 1101.8 ETH, and moved via the Multichain cross-chain router protocol (CRP). The hacker moved the funds to Tornado Cash, a privacy-centric swapping tool, to help make the funds disappear (or at least make them much harder to track).

Deus Finance admitted the flaw in its lending process and stated that its $DEI lending contract had been closed. The DEUS token fell nearly 40 per cent following reports of the hack, but it seemed to have recovered somewhat by the time of writing.

Community to be Fully Recompensed

According to the postmortem on its official medium, Deus Protocol CEO Lafayette Tabor reassured users they would be completely reimbursed:

To make things clear: NO USER FUNDS are LOST. We will make everyone whole again – anyone affected by the exploit will be reimbursed completely. This means that the sAMM inside the borrowing contract will be replenished and the balances of users that got affected will be restored to the value they had prior to the exploit.

Lafayette Tabor, CEO, Deus Protocol

After also taking to Twitter to inform the community about the reimbursement plan, Tabor stated that the developers would create a new contract where affected users would be able to repay their loans:

DEUS community members were elated to hear about the reimbursement scheme, since it’s very rare for compromised protocols to recompense their community.

This attack comes little more than a month after Polygon DeFi protocol QiDao was exploited for US$13 million. And in January, Algorand-based DeFi trading platform Tinyman was hacked and drained of roughly US$3 million.