Deus DAO suffers another flash loan exploit, loses over $16M


Deus team has stated that the latest attack did not result in the loss of any of its users’ funds.


Updated: April 28, 2022 at 3:01 pm


Deus Finance DAO has suffered another exploit and lost $13.4 million worth of ETH to a hacker less than a month after being hacked in a similar flash loan attack for about $3 million.

Deus DAO lost over $16 million to the two attacks

Blockchain security company PeckShield first reported the exploit, claiming that although the hacker gained about $13.4 million, the protocol might have lost more.

The @DeusDao was exploited today in https://t.co/USKNHhXeid with ~$13.4M gain for the hacker (The protocol loss may be larger).

— PeckShield Inc. (@peckshield) April 28, 2022

According to PeckShield, the hacker used a flash loan to manipulate the price oracle and inflate the value of DEI. Then the hacker used the inflated DEI as collateral to borrow and drain the protocol. The exploit in March was achieved using the same method.

1/ @deusdao Deus Finance was exploited in https://t.co/bfYCQcz5rZ, leading to the gain of ~$3M for the hacker (The protocol loss may be larger), including 200,000 DAI and 1101.8 ETH

— PeckShield Inc. (@peckshield) March 15, 2022

The hacker initially withdrew 800 ETH from Tornado Cash to simulate the exploit, sending the funds through Multichain into Fantom. After stealing the funds, the hacker paid the flash loan and sent the proceeds to his wallet.

It now appears that the hacker has moved most of the proceeds from the wallet, as only 0.85 ETH was in the wallet as of press time.

Deus team response

In its first response, Deus Finance DAO has called for calm after revealing that its team was working on it. The protocol claimed that all user funds were safe and no user was liquidated due to the exploit.

The multichain decentralized derivatives platform also stated that the $DEI peg is restored and that it will provide more updates soon.

The dev team is working on the DEI situation.

1. User funds are safe. No users were liquidated.
2. DEI lending has been temporarily halted.
3. $DEI peg has been restored.

More details to follow.

— DEUS Finance DAO (@DeusDao) April 28, 2022

Its founder, the pseudonymous lafachief, disagreed with how PeckShield described the exploit.

This is not exactly what happened, I will prepare something. https://t.co/7zwuPNdkly

— µ Lafa µ (@lafachief) April 28, 2022

He added that the protocol uses “Muon Oracles not onchain,” and the hacker “was able to manipulate VWAP prices of Muon.” He continued that the attacker was “basically ‘faking’ swap of ~2M USDC to 100k DEI” and “manipulated the Muon VWAP price with it.”

This is what I know so far:

The attacker used this tx to manipulate muon price: https://t.co/G4hFwIjkBy

Muon is checking for SWAPS inside of solidly pool, we were working on changing that together with muon to add more sources and filter out transactions…

— µ Lafa µ (@lafachief) April 28, 2022
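The following is an added example, not code from Deus, Muon, or the original article: it shows why a VWAP taken from swaps in a single pool is skewed by one outsized swap, and how the mitigation mentioned in the tweet above (more sources, filtering out transactions) bounds the result. The source names, thresholds, and all swap figures are constructed assumptions, except the "~2M USDC to 100k DEI" swap, which uses the amounts quoted above.

```python
from statistics import median

# Constructed sample swaps (source, USDC in, DEI out); not real chain data.
# Source names are hypothetical.
SWAPS = [
    ("pool_a", 10_000.0, 10_000.0),
    ("pool_a", 5_050.0, 5_000.0),
    ("pool_a", 2_000_000.0, 100_000.0),  # the "~2M USDC to 100k DEI" swap
    ("pool_b", 8_000.0, 8_000.0),
    ("pool_b", 12_060.0, 12_000.0),
    ("pool_c", 7_000.0, 7_000.0),
    ("pool_c", 3_990.0, 4_000.0),
]

def vwap(swaps):
    """Volume-weighted average price: total USDC paid / total DEI received."""
    usdc = sum(s[1] for s in swaps)
    dei = sum(s[2] for s in swaps)
    if dei == 0:
        raise ValueError("no volume to price")
    return usdc / dei

def naive_price(swaps, source):
    """VWAP over every swap seen in one pool, with no filtering."""
    return vwap([s for s in swaps if s[0] == source])

def hardened_price(swaps, min_sources=3, max_dev=0.10):
    """Drop swaps priced more than max_dev away from the median swap price,
    require min_sources independent sources, return the median per-source VWAP."""
    mid = median(s[1] / s[2] for s in swaps if s[2] > 0)
    kept = [s for s in swaps
            if s[2] > 0 and abs(s[1] / s[2] - mid) / mid <= max_dev]
    sources = sorted({s[0] for s in kept})
    if len(sources) < min_sources:
        raise ValueError("not enough independent price sources; refuse to quote")
    return median(vwap([s for s in kept if s[0] == src]) for src in sources)

if __name__ == "__main__":
    print("single-pool VWAP:", round(naive_price(SWAPS, "pool_a"), 4))
    print("filtered multi-source price:", round(hardened_price(SWAPS), 4))
```

A lending contract that values collateral at the first figure accepts DEI at many times its peg; with the second, the outlier swap is discarded and the oracle refuses to quote when it has too few sources.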

Lossless DeFi, a crypto hack mitigation tool, also offered to help Deus catch the hacker if it was willing to cooperate.

Hey @DeusDao. Our team has looked into this and we believe we can catch the culprit with you. DMed you if you'd like to work together.

— Lossless (@losslessdefi) April 28, 2022

However, some users are concerned about the platform’s security, considering that the same exploit had happened twice in less than a month.
