Deus Finance had acknowledged the exploit on its lending contract and the CEO of the firm was quick to come up with a reimbursement plan
Multi-token decentralized finance (DeFi) marketplace Deus Finance has become the latest victim of an exploit resulting in over $3 million losses in the Dai (DAI) and Ether (ETH).
DeFi analytic firm PeckShield took to Twitter to explain the cause and manner in which the funds were exploited. The hackers behind the attack managed to exploit and manipulate a price oracle for flash loans, resulting in the insolvency of users’ funds.
The hackers manipulated the price from the pair of StableV1 AMM – USDC/DEI, which the protocol used to set a price oracle for its flash loans.
Example of Price Manipulation Source: PeckShield
PeckShield revealed that hackers managed to steal 200,000 DAI and 1101.8 ETH, and the total amount of stolen funds could be larger than the early estimates of $3 million.
The hacker behind the attack then funneled the stolen funds using the coin mixer tool Tornado cash via the Multichain Protocol (previously known as AnySwap).
Stolen Funds Washed through TornadoCash Source: EtherScan
Deus Finance acknowledged the exploit on its lending protocol and claimed it has closed its DEI lending contract. The DeFi protocol also claimed that both DEUS and DEI are unaffected by the exploit.
Deus Finance provides DeFi infrastructure to help others create financial instruments including synthetic stock trading platforms, options and futures trading.
Lafayette Tabor, the CEO of Deus Protocol, took to Twitter to inform the community about the reimbursement plans. He said that the developers would create a new contract where affected users would be able to repay their loans. He explained:
“We will create a contract you will be able to repay your DEBT on it and get your sAMM that were liquidated, we will also implement a feature that lets you swap DEI against a small MUON allocation. (paying from my team allocation).”