According to PeckShield data, $3 million worth of DAI and Ethereum (ETH) has been stolen from a DeFi-focused altcoin project. The blockchain security firm states that the attack resulted from flash credit manipulation via a pricing oracle.
$3M DAI and ETH stolen from DeFi altcoin project
Deus Finance, a multi-token DeFi-focused altcoin project, was the victim of an attack that caused more than $3 million in losses on Dai (DAI) and Ethereum (ETH). DeFi analytics firm PeckShield released a report on Twitter to explain the situation and how the money was used. The attackers were able to exploit and manipulate a pricing oracle for flash loans, resulting in users’ funds being stolen.
Hackers manipulated the price of the StableV1 AMM – USDC/DEI pair, which the protocol uses to set a price oracle for flash credits.
PeckShield revealed that hackers managed to steal 200,000 DAI and 1101.8 ETH, and that the total amount of funds stolen could be greater than early estimates of $3 million. The hacker behind the attack then made the stolen funds untraceable using the tornado cash mixing tool via the Multichain Protocol (formerly known as AnySwap).
Deus Finance acknowledged the exploit in the loan protocol and claimed to have closed the DEI loan agreement. DeFi altcoin also said that both DEUS and DEI were unaffected by the exploit.
Deus Finance provides DeFi infrastructure to help others create financial instruments including synthetic stock trading platforms, options and futures. Deus Protocol CEO Lafayette Tabor used Twitter to inform the community about repayment plans. He said the developers will create a new contract where affected users can repay their loans, explaining:
We will create a contract where you can pay off your debt and receive your liquidated sAMM, we will also implement a feature that allows you to exchange the DEI with a small MUON allocation. (by paying from my team allocation).