Derivatives Platform Deus Finance Exploited for $3M on Fantom Network

Hackers manipulated a pricing mechanism to trick the protocol in a “flash loan” attack that led to loss of user funds, the security firm said.

AccessTimeIconMar 15, 2022 at 11:17 a.m. UTC
Updated May 11, 2023 at 6:59 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Crypto derivatives platform Deus Finance was exploited for over $3 million worth of cryptocurrencies in early European hours on Tuesday, security firm PeckShield said in a tweet, adding that the overall losses could be much higher.

  • The attack on Deus Finance occurred on its Fantom network iteration. Deus Finance allows developers to build and issue financial instruments, such as derivatives or options, on its platform.
  • PeckShield said attackers manipulated prices on Deus’s offerings using a flash loan, a form of uncollateralized lending using smart contracts.
  • Hackers used flash loans to manipulate the contract that determined the price of DEI – one of the two tokens issued by Deus Finance – to falsely show that DEI had collapsed. This led to a loss of all funds of the users supplying liquidity to the DEI/USDC pool.
  • Blockchain data shows that over 3 million USDC tokens were stolen from Deus which was exchanged for 200,000 DAI and 1,101.8 ether (ETH) via decentralized exchange Multichain. The funds were then withdrawn to the privacy swap tool Tornado, which masks the addresses of the hacker and makes it difficult to tie stolen funds to their perpetrator.
  • Deus closed contracts affected by the attack and said its developers were working on a post-mortem report. Prices of Deus’s native DEUS token fell nearly 40% following reports of the hack but seemed to recover at the time of writing.
  • The attack comes days after Fantasm Finance, another Fantom-based protocol, was exploited for over $2.6 million, as reported.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.