Blockchain security company PeckShield reported that Deus Finance was exploited for about $13.4 million earlier today. This comes just a few months after the protocol fell victim to a similar hack.
- PeckShield took it to Twitter to provide more details on the latest DeFi attack. In it, the hacker went via a familiar route by using a flashloan-assisted manipulation of price oracle that “reads from the StableV1 AMM – USDC/DEI pair.”
- The attacker managed to manipulate the price of collateral DEI and used it to borrow and drain the pool.
- Overall, the unknown hacker managed to steal about $13.4 million worth of digital assets. However, PeckShield warned that the losses for the protocol could be significantly higher.
- The attacker borrowed around 800 ETH to launch the hack, all withdrawn from Tornado Cash and tunneled to Fantom via Multichain.
- The hacker’s address currently shows that they have swapped the stolen funds for ETH and have sent them back to Tornado Cash.
2/ The hack is made possible due to the flashloan-assisted manipulation of price oracle that reads from the StableV1 AMM – USDC/DEI pair. The manipulated price of collateral DEI is then used to borrow and drain the pool. Sounds familiar?https://t.co/3uk44CXo78 pic.twitter.com/ng2BYPPOiY
— PeckShield Inc. (@peckshield) April 28, 2022
- CryptoPotato reported in mid-March when Deus Finance was exploited for the first time. The attacker in that incident used an identical approach, but the stolen amount was a lot smaller – around $3 million in DAI and ETH.