{"id":60728,"date":"2022-04-28T11:01:32","date_gmt":"2022-04-28T08:01:32","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=60728"},"modified":"2025-09-05T05:01:54","modified_gmt":"2025-09-05T02:01:54","slug":"hacker-drains-more-than-13m-from-defi-protocol-deus-finance-dao","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-drains-more-than-13m-from-defi-protocol-deus-finance-dao\/","title":{"rendered":"Hacker drains more than $13m from DeFi protocol Deus Finance DAO"},"content":{"rendered":"<p>The DeFi protocol Deus Finance DAO has again come under attack. According to PeckShield, the attacker drained assets worth about $13.4 million from the smart contracts, though the project \u201ccould have suffered more.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The <a href=\"https:\/\/twitter.com\/DeusDao?ref_src=twsrc%5Etfw\">@DeusDao<\/a> was exploited today in <a href=\"https:\/\/t.co\/USKNHhXeid\">https:\/\/t.co\/USKNHhXeid<\/a> with ~$13.4M gain for the hacker (The protocol loss may be larger).<\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1519530463337250817?ref_src=twsrc%5Etfw\">April 28, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In March 2022, an unknown <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-exploits-deus-finance-dao-nets-about-3-million\">exfiltrated around $3 million<\/a>, including 200,000 DAI and 1,101.8 ETH. To do so he used <a href=\"https:\/\/u1f987.com\/en\/news\/what-are-flash-loans\">instant loans<\/a> \u2014 the assets obtained in this way allowed the hacker to manipulate the price oracle that determines the price in the USDC\/DEI pair.<\/p>\n<p>Analysts said a similar attack vector was used on April 28.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">3\/ To illustrate, we use the hack tx and show the key steps below: <a href=\"https:\/\/t.co\/JyhgYpBmoB\">pic.twitter.com\/JyhgYpBmoB<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1519533378529562624?ref_src=twsrc%5Etfw\">April 28, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe hack was made possible by manipulating the price oracle that reads data from the USDC\/DEI pair, using a flash loan. The manipulated DEI collateral price was then used to borrow and drain the pool. Sounds familiar?\u201d, \u2014 PeckShield.<\/p>\n<\/blockquote>\n<p>The team noted that initializing the attack required 800 ETH (about $2.31 million). The funds were moved through the Tornado Cash mixer and sent to the Fantom network via the cross-chain protocol Multichain. The stolen assets were converted back into Ethereum.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">4\/ The initial funds (~800 ETH) to launch the hack are withdrawn from <a href=\"https:\/\/twitter.com\/TornadoCash?ref_src=twsrc%5Etfw\">@TornadoCash<\/a> and tunneled to Fantom via <a href=\"https:\/\/twitter.com\/MultichainOrg?ref_src=twsrc%5Etfw\">@MultichainOrg<\/a>. The stolen funds are tunneled back to <a href=\"https:\/\/twitter.com\/ethereum?ref_src=twsrc%5Etfw\">@ethereum<\/a> and stay in the hacker\u2019s account <a href=\"https:\/\/t.co\/crqRXRVuRw\">https:\/\/t.co\/crqRXRVuRw<\/a>. <a href=\"https:\/\/t.co\/eaa8j5lxtK\">pic.twitter.com\/eaa8j5lxtK<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1519537970147078144?ref_src=twsrc%5Etfw\">April 28, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to CoinGecko, the incident caused the algorithmic stablecoin DEI to temporarily lose its peg to the US dollar. At one point the asset traded as low as $0.95.<\/p>\n<p>The Deus Finance DAO team confirmed the hack. The developers said user funds are safe and that their positions were not liquidated. DEI lending has been halted, and the stablecoin\u2019s peg to the dollar has been restored.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The dev team is working on the DEI situation. <\/p>\n<p>1. User funds are safe. No users were liquidated.<br \/>2. DEI lending has been temporarily halted.<br \/>3. <a href=\"https:\/\/twitter.com\/search?q=%24DEI&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$DEI<\/a> peg has been restored.<\/p>\n<p>More details to follow.<\/p>\n<p>\u2014 DEUS Finance DAO (@DeusDao) <a href=\"https:\/\/twitter.com\/DeusDao\/status\/1519574219419496449?ref_src=twsrc%5Etfw\">April 28, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In the wake of the hack, the protocol\u2019s native token DEUS fell by nearly 16%. At the time of writing, the asset was trading near 510 FTM (around $504).<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"444\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/juOrka05-1024x444.png\" alt=\"Hacker drains more than $13m from the DeFi protocol Deus Finance DAO\" class=\"wp-image-171564\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/juOrka05-1024x444.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/juOrka05-300x130.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/juOrka05-768x333.png 768w, https:\/\/u1f987.com\/wp-content\/uploads\/juOrka05.png 1318w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Hourly chart of DEUS\/FTM on SpiritSwap. Data: <a href=\"https:\/\/dexscreener.com\/fantom\/0x2599eba5fd1e49f294c76d034557948034d6c96e\">DEX Screener<\/a>.<br \/><\/figcaption><\/figure>\n<p>In April, the Ethereum-based Beanstalk Farms <a href=\"https:\/\/u1f987.com\/en\/news\/beanstalk-farms-defi-protocol-loses-181-million-in-hack\">lost more than $181m in cryptocurrencies<\/a> due to a hack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The DeFi protocol Deus Finance DAO was hacked again. PeckShield reports that the attacker drained assets worth about $13.4 million from the smart contracts, though the project could have suffered more.<\/p>\n","protected":false},"author":1,"featured_media":60729,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-60728","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"13","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/60728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=60728"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/60728\/revisions"}],"predecessor-version":[{"id":60730,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/60728\/revisions\/60730"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/60729"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=60728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=60728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=60728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}