According to the Ipass lender security firm, hackers used a pricing mechanism to deceive the protocol in a “flash loan” assault that resulted in the loss of user funds.
The crypto derivatives site Deus Finance was abused for more than $3 million worth of cryptocurrency in the early European morning hours of Tuesday, according to a tweet from security firm PeckShield, which added that the total losses could be significantly higher than that.
Hackers used flash loans to alter the contract that set the price of DEI – one of two tokens released by Deus Finance – to make it appear as though DEI had collapsed, which it had not. This resulted in the complete loss of all monies held by users who provided liquidity to the DEI/USDC pool.
According to the blockchain data, blockchain data reveals that almost 3 million USDC tokens were stolen from Deus and swapped for 200,000 DAI and 1,101.8 ether (ETH) via the decentralized exchange Multichain. The monies were then transferred to the Tornado privacy swap program, which conceals the hackers’ identities and makes it impossible to trace stolen funds back to their source.
When the hack is launched, the initial money for the hack is extracted from @TornadoCash and tunneled to Fantom through @MultichainOrg. Results are tunneled through @MultichainOrg, and cash is now laundered through @TornadoCash as a result of this.
Deus claimed it had terminated contracts affected by the assault and that its developers were working on a post-mortem investigation. Deus’ native DEUS token prices plummeted by roughly 40% following rumors of the hack. However, they appeared to be recovering as of writing this loan article.
According to media coverage, the attack came just a few days after Fantasm Finance, another Fantom-based protocol, was abused for more than $2.6 million.