Blockchain security company PeckShield reported that Deus Finance was exploited for about $13.4 million earlier today. This comes just a few months after the protocol fell victim to a similar hack.
PeckShield took it to Twitter to provide more details on the latest DeFi attack. In it, the hacker went via a familiar route by using a flashloan-assisted manipulation of price oracle that “reads from the StableV1 AMM – USDC/DEI pair.”
The attacker managed to manipulate the price of collateral DEI and used it to borrow and drain the pool.
Overall, the unknown hacker managed to steal about $13.4 million worth of digital assets. However, PeckShield warned that the losses for the protocol could be significantly higher.
The attacker borrowed around 800 ETH to launch the hack, all withdrawn from Tornado Cash and tunneled to Fantom via Multichain.
The hacker’s address currently shows that they have swapped the stolen funds for ETH and have sent them back to Tornado Cash.
2/ The hack is made possible due to the flashloan-assisted manipulation of price oracle that reads from the StableV1 AMM – USDC/DEI pair. The manipulated price of collateral DEI is then used to borrow and drain the pool. Sounds familiar?https://t.co/3uk44CXo78 pic.twitter.com/ng2BYPPOiY
— PeckShield Inc. (@peckshield) April 28, 2022
CryptoPotato reported in mid-March when Deus Finance was exploited for the first time. The attacker in that incident used an identical approach, but the stolen amount was a lot smaller – around $3 million in DAI and ETH.
Be the first to comment