Deus Finance suffers its second flash loan attack in two months

Deus Finance suffers its second flash loan attack in two months

By I-HODL | A Crypto Journey | 28 Apr 2022


 

After suffering a $3 million flash loan attack just over a month ago, multi-chain DeFi protocol, Deus Finance is reeling once more as attackers  again use a flash loan to manipulate prices on a liquidity pool of the USDC stablecoin and its algorithmic stablecoin DEI, using the manipulated DEI price to borrow and drain the pool. And today, according to some reports, this time around, Deus' losses exceeded US$13 million. My friends, let's discuss. 

A closer look at Deus Finance

On its website, Deus Finance describes itself as "a marketplace of decentralized financial services" launched this year to provide the infrastructure for others to build financial instruments, such as synthetic stock trading platforms, options and futures trading, and more.

Shortly before the first attack on March 15th, the team noted in a March 7th Medium post that:

"Since the inception of the DEUS DAO, security has been of high importance to the DEUS team. After deploying a number of different contracts on many chains, we have maintained a track record of zero protocol exploits and security breaches. This is largely due to our stringent security testing procedures and ongoing smart contract audits, which ensure that our operational contracts meet or surpass industry requirements."

And hackers, of course, said, bet.

60ae681ad8ec53e52ff7695bde2bc0f6b8fca6605b8a109c6aa980d3cb385f8b.jpg

Image source: Pixabay

The First Attack

A March 15th article published by The Block outlined the details of the first exploit which was detected by blockchain security firm, Peckshield. In this first attack, the hacker used flash loans.

According to SoFi Learn, a flash loan is "a form of uncollateralized (or, unsecured) lending" made available to investors on some DeFi networks and protocols. The digital agreements are low risk and have a very low interest rate with the sole caveat that the entire transaction — from borrowing to paying back — must be completed in one single, instant transaction.

According to The Block, the hacker took advantage of Deus DAO's stablecoin lending contract, using the borrowed cash to manipulate the price oracle  for the USDC/DEI stablecoin trading pair, causing the lending positions of some users to become insolvent, and then repaying the loans, but not before escaping with about $3 million worth of DEI as profit, and laundering these proceeds via Tornado Cash.

The Second Attack Mirrors the First

In many regards, it can be said that the second exploit mirrored the first for attackers were again able to use a flash loan, temporarily manipulate prices on a liquidity pool consisting of the USDC/DEI stablecoin trading pair, and use the manipulated DEI price to borrow and drain the pool.

According to PeckShield, the hackers took out a flash loan of over 143 million USDC and used that to swap 9.5 million DEI, causing the price of DEI to become more expensive and then using 71,000 DEI to borrow over 17.2 million DEI using the manipulated prices. Upon completion, the flash loan was repaid, and the attacker pocketed a cool $13.4 million.

Man, this has got to be a white hat attack, right? I mean, in recounting the details of the attack, even the PeckShield team were like, 'Deus Finance devs, what are you doing?'

d182282682e014dcc5d94e0f6c459ddcebbb94a6248c335f473616bb888d2cae.png

Okay, they didn't say that exactly, that was just my interpretation, but the similarities were stark. 

Anyways, guys, Deus Finance has acknowledged the situation and has gone to great pains to assure users that they were not affected and their funds are safe. 

 

And the hackers are perhaps somewhere lurking in the ethersphere and about to say, bet

Final Thoughts

Incidentally, my friends, have you ever used the Deus Finance DAO protocol? Have you ever tried the flash loans? And how confident are you in the protocol given this most recent occurrence?

For me, I think we've already established that criminals will steal if they can wherever they can including in cyberspace, right? So the fact that there was an attack doesn't necessarily make me clutch my pearls. 

This is not to dismiss the distress of anyone who may have been impacted by a hack.  I think I've always made it quite clear that I'd like to see stronger systems in place to protect investors and traders who may be vulnerable to attack from bad actors. But at this time, I'm simply saying that I'm not shocked by a hack, an exploit, a manipulation, whatever you call it, right? My concern  is that there are so many similarities on the same protocol in such a short space of time.

Raises the question for me, what was done to strengthen Deus Finance's systems after the first attack? What were the lessons learned? What were the assurances given to users that a similar situation would not be repeated? And if those assurances were given and attackers were able to stroll back in and casually leave with even more funds this time around, then this is not a good look at all. But what do I know? I merely gossip about crypto.

Anyways, I'd love to hear your thoughts, my friends. What do you think about this situation?  And as an investor or trader what would your trust level be for Deus Finance going forward? 

Well, guys, that's it for me. I'm off again in search of another story, but hey, by the way, I  just want to say thank you so much! Today, I logged onto my account and I saw that my followers had crossed 600, and I was so excited  by that. Thank you so much for your support. I truly hope that we can continue to grow together here.

Let me tell you guys, Publish0x continues to be my favorite platform to write for. With consistency, I've certainly seen a lot of growth here, and that motivates me to log in every day and bring a story to you guys, which I truly hope you enjoy. So can we celebrate together for a moment?

Okay, that's it. Until we meet again, my friends, please remember to be safe! We'll chat again soon.

 

How do you rate this article?

22


I-HODL
I-HODL

Your friendly, neighborhood crypto enthusiast.


A Crypto Journey
A Crypto Journey

Here we exchange news, views and reviews on developments in the crypto space.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.