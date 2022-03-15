Derivatives Platform Deus Finance Exploited for $3M on Fantom Network
Crypto derivatives platform Deus Finance was exploited for over $3 million worth of cryptocurrencies in early European hours on Tuesday, security firm PeckShield said in a tweet, adding that the overall losses could be much higher.
1/ @deusdao Deus Finance was exploited in https://t.co/bfYCQcz5rZ, leading to the gain of ~$3M for the hacker (The protocol loss may be larger), including 200,000 DAI and 1101.8 ETH
The attack on Deus Finance occurred on its Fantom network iteration. Deus Finance allows developers to build and issue financial instruments, such as derivatives or options, on its platform.
PeckShield said attackers manipulated prices on Deus’ offerings using a flash loan, a form of uncollateralized lending using smart contracts.
Hackers used flash loans to manipulate the contract that determined the price of DEI – one of the two tokens issued by Deus Finance – to falsely show that DEI had collapsed. This led to a loss of all funds of the users supplying liquidity to the DEI/USDC pool.
Blockchain data shows that over 3 million USDC tokens were stolen from Deus which was exchanged for 200,000 DAI and 1,101.8 ether (ETH) via decentralized exchange Multichain. The funds were then withdrawn to the privacy swap tool Tornado, which masks the addresses of the hacker and makes it difficult to tie stolen funds to their perpetrator.
4) The initial funds to launch the hack are withdrawn from @TornadoCash and tunneled to Fantom via @MultichainOrg. The result gains are tunneled via @MultichainOrg and funds are now washed via @TornadoCash. pic.twitter.com/UlJgiJMsa6
Deus closed contracts affected by the attack and said its developers were working on a post-mortem report. Prices of Deus’ native DEUS token fell nearly 40% following reports of the hack but seemed to recover at the time of writing.
The attack comes days after Fantasm Finance, another Fantom-based protocol, was exploited for over $2.6 million, as reported.