Derivatives Platform Deus Finance Exploited for $3M on Fantom Network
Hackers manipulated a pricing mechanism to trick the protocol in a “flash loan” attack that led to loss of user funds, the security firm said.
Crypto derivatives platform Deus Finance was exploited for over $3 million worth of cryptocurrencies in early European hours on Tuesday, security firm PeckShield said in a tweet, adding that the overall losses could be much higher.
- The attack on Deus Finance occurred on its Fantom network iteration. Deus Finance allows developers to build and issue financial instruments, such as derivatives or options, on its platform.
- PeckShield said attackers manipulated prices on Deus’s offerings using a flash loan, a form of uncollateralized lending using smart contracts.
- Hackers used flash loans to manipulate the contract that determined the price of DEI – one of the two tokens issued by Deus Finance – to falsely show that DEI had collapsed. This led to a loss of all funds of the users supplying liquidity to the DEI/USDC pool.
- Blockchain data shows that over 3 million USDC tokens were stolen from Deus which was exchanged for 200,000 DAI and 1,101.8 ether (ETH) via decentralized exchange Multichain. The funds were then withdrawn to the privacy swap tool Tornado, which masks the addresses of the hacker and makes it difficult to tie stolen funds to their perpetrator.
- Deus closed contracts affected by the attack and said its developers were working on a post-mortem report. Prices of Deus’s native DEUS token fell nearly 40% following reports of the hack but seemed to recover at the time of writing.
- The attack comes days after Fantasm Finance, another Fantom-based protocol, was exploited for over $2.6 million, as reported.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.