{"id":3735,"date":"2022-04-28T19:39:39","date_gmt":"2022-04-28T19:39:39","guid":{"rendered":"http:\/\/cryptoheretostay.com\/?p=3735"},"modified":"2022-04-28T19:39:40","modified_gmt":"2022-04-28T19:39:40","slug":"deus-dao-suffers-another-flash-loan-exploit-loses-over-16m","status":"publish","type":"post","link":"https:\/\/cryptoheretostay.com\/?p=3735","title":{"rendered":"Deus DAO suffers another flash loan exploit, loses over $16M"},"content":{"rendered":"<p> <script type=\"text\/javascript\">\r\namzn_assoc_placement = \"adunit0\";\r\namzn_assoc_tracking_id = \"totafreearti-20\";\r\namzn_assoc_ad_mode = \"search\";\r\namzn_assoc_ad_type = \"smart\";\r\namzn_assoc_marketplace = \"amazon\";\r\namzn_assoc_region = \"US\";\r\namzn_assoc_default_search_phrase = \"crypto\";\r\namzn_assoc_default_category = \"All\";\r\namzn_assoc_search_bar = \"false\";\r\namzn_assoc_title = \"\";\r\namzn_assoc_rows =\"1\";\r\n<\/script>\r\n<script src=\"\/\/z-na.amazon-adsystem.com\/widgets\/onejs?MarketPlace=US\"><\/script><br \/>\n<\/p>\n<p style=\"font-weight: 400;\">Deus Finance DAO has suffered another exploit and lost $13.4 million worth of ETH to a hacker less than a month after being hacked in a similar flash loan attack for roughly $3 million.<\/p>\n<h2>Deus DAO lost over $16 million to the two attacks<\/h2>\n<p style=\"font-weight: 400;\">Blockchain security company PeckShield first reported the exploit claiming that although the hacker gained around $13.4 million, the protocol might have lost more.<\/p>\n<p lang=\"en\" dir=\"ltr\">The @DeusDao was exploited today in https:\/\/t.co\/USKNHhXeid with ~$13.4M gain for the hacker (The protocol loss may be larger).<\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) April 28, 2022<\/p>\n<p style=\"font-weight: 400;\">According to PeckShield, the hacker used a flash loan to manipulate the price oracle and inflate the value of DEI. Then the hacker used the inflated DEI as collateral to borrow and drain the protocol. The exploit in March was achieved using the same method.<\/p>\n<p lang=\"en\" dir=\"ltr\">1\/ @deusdao Deus Finance was exploited in https:\/\/t.co\/bfYCQcz5rZ, leading to the gain of ~$3M for the hacker (The protocol loss may be larger), including 200,000 DAI and 1101.8 ETH<\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) March 15, 2022<\/p>\n<p>The hacker initially withdrew 800 ETH from Tornado Cash to imitate the exploit, sending the funds through Multichain into Fantom. After stealing the funds, the hacker paid the flash loan and sent the proceeds to his wallet.<\/p>\n<p style=\"font-weight: 400;\">It now appears that the hacker has moved most of the proceeds from the wallet, as only 0.85 ETH was in the wallet as of press time.<\/p>\n<h2>Deus team response<\/h2>\n<p style=\"font-weight: 400;\">In its initial response, Deus Finance DAO has called for calm after revealing that its team was working on it. The protocol claimed that all user funds were safe and no user was liquidated due to the exploit.\u00a0<\/p>\n<p style=\"font-weight: 400;\">The multichain decentralized derivatives platform also stated that the $DEI peg is restored and that it will provide more updates soon.<\/p>\n<p lang=\"en\" dir=\"ltr\">The dev team is working on the DEI situation.<\/p>\n<p>1. User funds are safe. No users were liquidated.<br \/>2. DEI lending has been temporarily halted.<br \/>3. $DEI peg has been restored.<\/p>\n<p>More details to follow.<\/p>\n<p>\u2014 DEUS Finance DAO (@DeusDao) April 28, 2022<\/p>\n<p style=\"font-weight: 400;\">Its founder, the pseudonymous lafachief, disagreed with how PeckShield described the exploit.<\/p>\n<p lang=\"en\" dir=\"ltr\">This is not exactly what happened, I will prepare something. https:\/\/t.co\/7zwuPNdkly<\/p>\n<p>\u2014 \u00b5 Lafa \u00b5 (@lafachief) April 28, 2022<\/p>\n<p style=\"font-weight: 400;\">He added that protocol uses \u201cMuon Oracles not onchain,\u201d and the hacker \u201cwas able to manipulate VWAP prices of Muon.\u201d He continued that the attacker \u201cbasically \u201cfaking\u201d swap of ~2M USDC to 100k DEI\u201d and \u201cmanipulated the Muon VWAP price with it.\u201d<\/p>\n<p lang=\"en\" dir=\"ltr\">This is what I know so far:<\/p>\n<p>The attacker used this tx to manipulate muon price:https:\/\/t.co\/G4hFwIjkBy<\/p>\n<p>Muon is checking for SWAPS inside of solidly pool, we were working on changing that together with muon to add more sources and filter out transactions\u2026<\/p>\n<p>\u2014 \u00b5 Lafa \u00b5 (@lafachief) April 28, 2022<\/p>\n<p style=\"font-weight: 400;\">Lossless DeFi, a crypto hack mitigation tool, also offered to help Deus catch the hacker if it was willing to cooperate.<\/p>\n<p lang=\"en\" dir=\"ltr\">Hey @DeusDao. Our team has looked into this and we believe we can catch the culprit with you. DMed you if you&#8217;d like to work together.<\/p>\n<p>\u2014 Lossless (@losslessdefi) April 28, 2022<\/p>\n<p style=\"font-weight: 400;\">However, some users are concerned about the platform\u2019s security, considering that the same exploit had happened twice in less than a month.<\/p>\n<h2>Get an Edge on the Crypto Market \ud83d\udc47<\/h2>\n<p>Become a member of CryptoSlate Edge and access our exclusive Discord community, more exclusive content and analysis.<\/p>\n<p>  <strong>On-chain analysis<\/strong><\/p>\n<p>  <strong>Price snapshots<\/strong><\/p>\n<p>  <strong>More context<\/strong><\/p>\n<p> Join now for $19\/month Explore all benefits<br \/>\n<br \/><script type=\"text\/javascript\">\r\namzn_assoc_placement = \"adunit0\";\r\namzn_assoc_tracking_id = \"totafreearti-20\";\r\namzn_assoc_ad_mode = \"search\";\r\namzn_assoc_ad_type = \"smart\";\r\namzn_assoc_marketplace = \"amazon\";\r\namzn_assoc_region = \"US\";\r\namzn_assoc_default_search_phrase = \"bitcoin\";\r\namzn_assoc_default_category = \"All\";\r\namzn_assoc_search_bar = \"false\";\r\namzn_assoc_title = \"\";\r\namzn_assoc_rows =\"1\";\r\n<\/script>\r\n<script src=\"\/\/z-na.amazon-adsystem.com\/widgets\/onejs?MarketPlace=US\"><\/script><br \/>\n<br \/><a href=\"https:\/\/cryptoslate.com\/deus-dao-suffers-another-flash-loan-exploit-loses-over-16m\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Deus Finance DAO has suffered another exploit and lost $13.4 million worth of ETH to a hacker less than a month after being hacked in a similar flash loan attack for roughly $3 million. Deus DAO lost over $16 million to the two attacks Blockchain security company PeckShield first reported the exploit claiming that although [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3736,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[3],"tags":[],"class_list":["post-3735","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum-news"],"_links":{"self":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/3735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3735"}],"version-history":[{"count":1,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/3735\/revisions"}],"predecessor-version":[{"id":3737,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/3735\/revisions\/3737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/media\/3736"}],"wp:attachment":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}