Hacking is becoming a recurring theme in the blockchain and decentralized finance industries, with the latest incident being a multi-million dollar DeFi attack that happened in the early hours of the day. In recent days, DeFi protocols have been the target of hackers despite several measures by the development teams concerned to deter further occurrences.
The latest hacking incident targeted the DEUS Finance DAO, where the attacker stole $13.4 million worth of assets from the custody of the DeFi platform.
However, the DEUS team quickly calmed any panicked users by stating that users’ funds were safe and had not been tampered with in the recent hacking attack.
Flash Loan Breached By the Latest Exploit
The DEUS Finance DAO protocol is a multi-chain platform that runs on the Ethereum Layer-1 network alongside other L-1 networks like Fantom and BNB Chain. It was the target of a flash loan exploit in the early hours of Thursday morning.
On-chain data on the exploit shows that the attacker used a flash loan to pass through the DEUS liquidity zone on Fantom. The flash loan, pioneered by the early Ethereum DeFi project Aave, lets DeFi users borrow a huge amount of capital without collateral so long as the borrower pays back the loan within the same transaction.
Flash loans are one of the innovations developed by DeFi solution providers, but they have been controversial for quite some time. The main objection to flash loans is that they have aided multi-million dollar hacks in the DeFi ecosystem due to their porous security structure prone to the slightest breach.
The current exploit follows the same pattern as the previous ones, where the attacker leverages loans to manipulate the protocol easily.
According to the popular blockchain security firm PeckShield, the attacker used a loan to manipulate a price oracle, which in turn let the attacker manipulate the price of the DEUS DEI stablecoin.
The stablecoin was then used as collateral to seek more loans and execute another transaction in USDC. By the time the exploiter paid off the flash loan, about $13.4 million had been wiped away.
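The weakness described above is a collateral valuation that trusts a price a single transaction can move. The following Python sketch is an added example, not DEUS or PeckShield code: it contrasts that weak valuation with a guarded one. It assumes a constant-product pool as the price source and a time-weighted average price (TWAP) deviation check as the mitigation; every name, reserve size and threshold is constructed.

```python
from dataclasses import dataclass, field

# Constructed model: pool type, sizes, LTV and thresholds are assumptions.
@dataclass
class Pool:
    dei: float                                     # DEI reserve
    usdc: float                                    # USDC reserve
    history: list = field(default_factory=list)    # per-block spot prices

    def spot(self) -> float:
        return self.usdc / self.dei                # USDC per DEI right now

    def checkpoint(self) -> None:
        self.history.append(self.spot())           # recorded once per block

    def twap(self) -> float:
        return sum(self.history) / len(self.history)

    def swap_usdc_for_dei(self, usdc_in: float) -> float:
        k = self.dei * self.usdc                   # constant product x * y = k
        self.usdc += usdc_in
        dei_out = self.dei - k / self.usdc
        self.dei -= dei_out
        return dei_out

def max_borrow_naive(pool: Pool, collateral_dei: float, ltv: float = 0.8) -> float:
    # Weak: values collateral at a price that one transaction can move.
    return collateral_dei * pool.spot() * ltv

def max_borrow_guarded(pool: Pool, collateral_dei: float,
                       ltv: float = 0.8, max_dev: float = 0.02) -> float:
    # Hardened: refuse to lend when spot has left the band around the TWAP.
    spot, twap = pool.spot(), pool.twap()
    if abs(spot - twap) / twap > max_dev:
        raise ValueError("spot price deviates from TWAP, lending paused")
    return collateral_dei * min(spot, twap) * ltv

def demo():
    pool = Pool(dei=1_000_000, usdc=1_000_000)
    for _ in range(10):                            # ten quiet blocks at 1.00
        pool.checkpoint()
    honest = max_borrow_naive(pool, 100_000)
    pool.swap_usdc_for_dei(9_000_000)              # one oversized in-transaction trade
    inflated = max_borrow_naive(pool, 100_000)
    try:
        max_borrow_guarded(pool, 100_000)
        blocked = False
    except ValueError:
        blocked = True
    return honest, inflated, blocked

if __name__ == "__main__":
    print(demo())
```

In this constructed run the naive limit for the same collateral rises from about 80,000 to about 8,000,000 USDC after one trade, while the guarded valuation refuses to lend.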
Upon completing the flash loan attack, the hacker moved the proceeds from Fantom to Ethereum using Tornado Cash, an Ethereum-based privacy protection protocol widely used in DeFi hacking incidents. Tornado Cash was used to siphon the stolen funds to another wallet that will be difficult to trace.
Meanwhile, the DEUS team has reiterated that users’ funds are safe despite the multi-million dollar hacking incident and that DEI lending has been halted pending the investigation of the exploit. The next couple of days will reveal the protocol’s plan to curb further occurrences. At the moment, efforts are geared toward working on the loopholes.
After suffering a $3 million flash loan attack in March, the DeFi protocol has been thrown in the spotlight again for the recent event.