Decentralized finance protocol Deus Finance was mined for $3 million, its developers confirmed.
Deus Finance, a protocol DeFi which provides access to decentralized bilateral OTC derivatives, is the most recent victim of hacks that have occurred in the crypto industry. Its developers reported on Twitter that they have suspended all protocol contracts affected by the hack, noting that they are aware of the exploit that occurred this Tuesday and that they are taking measures to mitigate the damage and reward users.
The liquidity deposited in Deus Finance fell around 9,9% after the exploit, according to data from the DeFi Llama monitoring platform. As shown, the current deposited liquidity, or total value locked (TVL), in Deus Finance is $16,3 million. One day before the exploit, this DeFi protocol had more than $18 million locked in its smart contracts.
Source: DeFi Llama
Deus Finance is a cross-chain protocol that is implemented on block chains such as Ethereum, Fantom, Avalanche, BSC, the Polygon layer 2 scalability network, among others. Its objective is to offer users and developers a blockchain platform for building financial tools and instruments that give unlimited access to global markets.
It may interest you: Samsung and Mercado Libre confirm a data breach of their source codes
Flash loan attack on Deus Finance
A few hours after confirming the exploit, the Deus Finance developers published a report postmortem explaining what happened. In that report, they indicated that the attacker was able to manipulate DEI price oracles using a flash loan attack or flash loan, which has become one of the most popular within the decentralized finance ecosystem.
During the exploit, which occurred in the implementation of the protocol in Fantom, nearly 3 million dollars were stolen by manipulating the price of the DEI token in the DEI/USDC pair, as he pointed Lafayette Tabor, CEO of Deus Finance, on his Twitter account. According to the developers, the exploit would have been greater if it had not been for the protocol's limitation, which prevented further damage. Analysis firm PeckShield said that the attacker is using the Tornado Cash mixing platform to obfuscate the origin of the funds and exchange the stolen tokens for the stablecoin DAI and ETH, the cryptocurrency native network Ethereum.
Deus Finance developers reported the immediate creation of a refund contract to return stolen funds to all affected users. “The refund will be paid through personal funds and DEUS DAO”, the team reported, while taking responsibility for the exploit that occurred.
Deus DAO
The creators of this protocol had published a report on the security of Deus Finance, indicating that it is one of the highest priorities since the creation of their DAO (Decentralized Autonomous Organization) Deus DAO.
Deus Finance had plans to deploy Muon technology, which it helped design, next week to strengthen its security system and minimize the possibility of protocol vulnerabilities and security breaches. Ironically, it was exploited before this process was carried out. However, the development team assures that they are already working on the implementation of the VWAP and DEUS oracles and that Deus Finance will soon be updated to these new contracts.
This is the first time Deus Finance has been exploited since its creation. By mid-February, the protocol had been audited by the Armors Labs team.
Two other DeFi protocols, Agave y Hundred Finance, were also exploited recently, losing nearly $11 million collectively.
Continue reading: Solana (SOL) price drops 10% after $320 million Wormhole protocol hack
