Deus Finance’s decentralised finance (DeFi) protocol has suffered a $6 million loss due to a security vulnerability. By taking advantage of a flaw in the Arbitrum network and BNB Smart Chain (BSC), the attacker attacked the protocol’s stablecoin, DEI (DEI). Data from CoinMarketCap shows that this caused the price of DEI to drop by 30%.
DEI lost almost $6 million
The BSC hack, which cost over $1.3 million, was initiated by a bot. The attacker also attacked the Arbitrum network, causing over $5 million in losses for ARB/ETH deployments. A fractional reserve stablecoin called DEI was forked from frax.finance, according to security experts, was the primary cause of the token contract’s implementation problem.
Deus Finance is a decentralised exchange that enables the trading of both digital and non-digital goods, such as commodities, over the Ethereum blockchain. The platform’s peer-to-peer bilateral agreement architecture enables the trustless direct clearing of digital derivatives between two parties. Using third-party market observations that are fueled by economics, decentralized threshold-signature-based oracles aid in agreement verification.
In reaction to the security problem, Deus Finance acknowledged the hack, halted all contracts, and destroyed DEI coins to limit further harm. The Deus team wrote on Twitter, “We are currently in the process of understanding the actual backing of DEI tokens.” They also stated that a “comprehensive recovery and redemption plan” will be created after a careful examination of balances and pictures.
The smart contract for DEI had a bug that allowed anybody to establish a new DEI without any limitations, as found by white-hat hackers. By exploiting this weakness, hackers tried to drain DEI from the compromised networks.
The DEUS team welcomed the quick reaction from the white hackers and halted the impacted contracts, minimizing damages. Since then, these agreements have been cancelled.
Within 24 hours, the price of DEI, a Fantom protocol-based collateral mechanism for third-party instruments, dropped by 30%.
Previous hacking events at Deus Finance’s
This is not the first time a security flaw has affected Deus Finance.
The protocol was misused in a flash-loan attack in March 2022, causing losses in Dai and Ether of more than $3 million.
Flash loans were utilized by hackers to manipulate the DEUS platform’s liquidity pools’ smart contract data reading format. Following this, the attackers inflated the value of various assets, obtained a loan, and, after repaying the loan, made large gains.
The attackers secured a $143 million flash loan and made a profit of $13.4 million, but it’s believed that the protocol experienced more significant losses.
The exploiters had used the cryptocurrency mixer Tornado Cash to transfer the stolen money, according to PeckShield.
The latest events have jeopardized DEUS’ security, casting doubt on its capacity to safeguard users’ assets.