Deus Finance Hacked AGAIN - Losses Total Over $16.5 Million


All these DeFi hacks are looking a little sus to me...

Deus Finance's 2nd Hack in 2 months

I feel like it was just yesterday that I was reading about how $3 million was stolen from Deus Finance. It's funny because it might as well have been yesterday. This was only a month ago. Basically, a hacker was able to use a flash loan attack to exploit the contract that runs the protocol and siphon out $3 million. If you're not familiar with the term flash loan, check out this article from CoinDesk. Flash loans are uncollateralized crypto loans that are issued and paid back within one single transaction. This is controversial for many reasons, but it does actually have use-cases. Maybe we can talk about that in another post.

Fast forward only one month later to yesterday, and we are seeing the exact same thing happen again. Deus Finance was exploited once more, this time for $13.4 million via yet another flash loan attack. You'd think that they would have reworked the smart contract to stop this from happening again. The least they could have done was get a fresh audit and fix the issues.

Here's how this played out.


Keep in mind - this is all done in one single transaction, so your average Joe isn't gonna be doing flash loan attacks. This is well thought out and very carefully planned.


First - the flash loan itself is issued for $143 million USDC. Then that 143 million USDC is swapped on the market for 9.5 million DEI (the Deus Finance "stable coin"). A single swap that large pushes the price of DEI far above where it should be, and the lending contract values collateral at that manipulated price. 71,436 DEI is then used as collateral to borrow 17.2 million DEI, far more than the collateral is really worth. Finally the flash loan is repaid, netting the attacker $13.4 million.

That's pretty damn slick if you ask me. The attacker literally used the loan to sweep the order books and inflate the price of DEI so they could borrow more than they should have been able to, tricking the system into emptying its own protocol liquidity. Oof.


Immediately after the loan closed and the profit was sitting in the attacker's wallet, the funds were siphoned out to Tornado Cash in chunks of 100 ETH. By pushing the funds through a mixing service, the attacker is trying to obscure the trail of where the stolen money goes.

Since we all know the blockchain doesn't lie, it's usually possible to trace where funds are going, at least to an extent. With the use of mixing services like Tornado Cash, though, it becomes much more difficult. The longer the funds sit in Tornado, the harder it becomes to link withdrawals back to the deposits. Who knows how long the attacker is willing to wait. If it were me, I'd forget about it for as long as possible.

It's going to be very difficult to identify the attacker, but supposedly they have identified the attacker's Binance account. Rookie mistake using an exchange that requires know-your-customer (KYC) verification. If it truly is the attacker's account, they have their name, address, ID and everything necessary to pursue legal action. I sincerely hope they do.

Don't let us down, Cyber Action Fraud Police of England. We're counting on you. This is why it's always important to do your research before using a DeFi platform. Could the same thing be done to other platforms? Probably. This is why it's of the utmost importance to go over the smart contracts for potential bugs with a fine-toothed comb.

This attack could have been avoided if the price oracle for DEI had gathered its price data in a different way, instead of trusting a price that one large swap can move. Don't ask me how - I'm not a dev. Either way though....
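The sequence in the attack breakdown above and the oracle point just made, as an added example that is not code from this post or from Deus Finance: a toy constant-product pool in Python shows how one large swap moves the spot price, and how a lender that values collateral at that spot price hands out far more than one that checks the spot price against a time-weighted average from earlier blocks. The pool sizes, the collateral amount, the 80% loan-to-value ratio and the 5% deviation threshold are constructed assumptions, and the deviation check itself is a hypothetical mitigation, not the protocol's own code.

```python
from dataclasses import dataclass

@dataclass
class ConstantProductPool:
    """x*y=k pool holding USDC and DEI; price is USDC per DEI (constructed numbers)."""
    usdc: float
    dei: float

    def spot_price(self) -> float:
        return self.usdc / self.dei

    def swap_usdc_for_dei(self, usdc_in: float) -> float:
        """Sell usdc_in into the pool; returns DEI received (fees ignored)."""
        k = self.usdc * self.dei
        new_usdc = self.usdc + usdc_in
        dei_out = self.dei - k / new_usdc
        self.usdc, self.dei = new_usdc, k / new_usdc
        return dei_out

def twap(history: list[float]) -> float:
    """Time-weighted average of prices observed in earlier blocks (equal weights here)."""
    return sum(history) / len(history)

def max_borrow(collateral_dei: float, price: float, ltv: float = 0.8) -> float:
    """Largest loan the lender hands out against collateral valued at `price`."""
    return collateral_dei * price * ltv

def guarded_price(spot: float, reference: float, max_dev: float = 0.05) -> float:
    """Hypothetical oracle check: ignore a spot price that departs from the
    reference TWAP by more than max_dev and use the reference instead.
    A production contract would more likely revert the borrow outright."""
    if abs(spot - reference) / reference > max_dev:
        return reference
    return spot

def simulate(flash_usdc: float = 1_000_000.0) -> dict:
    """Replay the post's sequence: one large swap, then a borrow at the inflated price."""
    pool = ConstantProductPool(usdc=2_000_000.0, dei=2_000_000.0)  # DEI trading at $1
    history = [pool.spot_price() for _ in range(10)]              # calm pre-attack observations
    before = pool.spot_price()
    pool.swap_usdc_for_dei(flash_usdc)        # flash-loaned USDC sweeps the pool in one tx
    after = pool.spot_price()                 # DEI now looks far more valuable than it is
    collateral = 1_000.0                      # DEI posted as collateral
    naive = max_borrow(collateral, after)     # spot-price oracle: over-borrow
    guarded = max_borrow(collateral, guarded_price(after, twap(history)))
    return {"before": before, "after": after, "naive": naive, "guarded": guarded}

if __name__ == "__main__":
    print(simulate())
```

With these constructed numbers the swap lifts the spot price from 1.00 to 2.25, so the spot-oracle lender lends 1,800 against collateral that the TWAP-checked lender values at 800.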

Stay safe out there frens, it's the wild west in crypto land.


Thanks for reading! Much love.


Posted Using LeoFinance Beta
13 comments

Is it that easy to hack these platforms that manage millions of dollars? I'm really having trouble understanding this. It's really hard to believe that someone from the outside hacked it.

My thoughts exactly, but after looking at the contract code.... The sad truth is that it is that easy to attack Deus in particular.


I don't know much about this, but I think there should be someone checking them out. This type of hacking hurts the crypto market.


They reported it to Action Fraud. That's a general UK fraud reporting service which includes cyber crime in its portfolio. It avoids the need for humans to get involved.

Unless the filtering system works purely on value or prioritises cyber crime over the many other types of fraud, I am not hopeful it'll go anywhere. My experience of dealing with them is that it's mostly just useful as a way to generate a crime number to give to the insurance company, and that nothing is ever actually investigated. Perhaps they will be luckier than I have been...


Wow, that's actually really shitty. I thought it was an organization that would actually investigate.


Yeah, it's sad. I think the problem is that there is so much fraud now that the police couldn't cope with the volume. Most of it is small-scale - 419 scam emails, fraudulent online non-delivery claims etc. So they created Action Fraud as a way to record all the crimes, then identify the ones where they had the best chance of a successful investigation and conviction.

It kind of makes sense, until you realise that cyber crime is one of the hardest to investigate for your average policeman, and if it originates internationally it is orders of magnitude harder without co-operation from Interpol and other nations' police.

But with numbers in the millions of dollars, I suspect they might be more interested than when I report a £50 fraudulent non-delivery claim!


It honestly baffles me that Flash Loans became something desirable given the massive downside that keeps cropping up. Their sole purpose seems to be facilitating the generation of profits in a very short period of time, and I can't see how this ends up being useful to the crypto community in the long-term with respect to the average user. It feels like (risky) complex instruments being introduced to the stock market all over again :S

Thanks for taking the time to walk through the details of this latest hack, though :)

!1UP


Yeah, flash loans are very interesting, and can actually be useful. Leave it to us humans to find a way to ruin everything though. Lol
