- Deus Finance lost over $3 million from the hack.
- The hacker manipulated prices in a lending contract.
- The team is working on a reimbursement plan for the victims.
DeFi project Deus Finance has experienced a hack, resulting in over $3 million being stolen. PeckShield revealed that the exploit took place on its Fantom-based marketplace on March 15, showing that at least 200,000 DAI and 1101 ETH had been stolen, though it is possible more has been lost.
The hackers had reportedly manipulated prices, a common tactic among hackers attacking DeFi protocols. This flash loan exploit affected the USDC/DEI pair, and once the funds were stolen, the hacker ran them through Tornado Cash, a coin mixing service, to hide their traces.
Deus Finance provided an update, confirming that the attack had taken place on the DEI lending contract. The developers are currently working on a postmortem report, and the contract has been closed.
The Deus Finance token DEI has taken a steep drop of 15.5% over the past 24 hours, currently sitting at $374.
CEO of Deus Finance Lafayette Tabor has also commented on the incident, saying that the team is working on reimbursement for those affected. The plan is to create a contract where victims will be able to repay debt and get assets that were liquidated. Additionally, there will be a feature that lets victims swap DEI against a small MUON allocation, which will be paid out of the team’s allocation.
Deus Finance calls itself the “world’s first decentralized bilateral OTC derivatives platform.” It is an infrastructure platform that has made the headlines, but it is clearly also a target for bad actors, who continue to strike the DeFi market.
DeFi Market, a Prime Target for Bad Actors
The DeFi market is no stranger to attacks and has been a veritable gold mine for hackers in the past 24 months. Flash loan exploits have been one of the most popular MOs, though the kinds of attacks vary greatly and have different effects.
The biggest hack of 2022 took place in February, when the Wormhole bridge was hacked, resulting in $321 million being stolen. The vulnerability was patched, but it showed how precarious the security of cross-chain bridges is. Vitalik Buterin also spoke on this subject in a lengthy Reddit post, saying the future would be cross-chain, not multi-chain.
To combat these attacks, teams have been ensuring that their code gets audited by a third party. Additionally, they are examining insurance protocols to guarantee reimbursement and launching bug bounties. This has helped reduce the number of attacks, but they do continue to happen.