Deus Finance Suffers $3M Oracle Exploit

Deus Finance Suffers $3M Oracle Exploit

news image

Key Takeaways

  • Deus Finance has suffered a $3 million exploit involving a flash loan.
  • The exploit appears to have been the result of price manipulation in Deus’ oracle, Muon.
  • The team has revealed plans to reimburse the affected users.

Deus Finance has recently announced it would close its DEI lending contract following a price oracle exploit. The twitter announcement, also said both of the protocol’s native tokens, $DEUS and $DEI, were unaffected.

The DeFi protocol has been hacked for a total value of $3 million. According to a separate tweet from Peckshield, the hack could potentially result in wider losses for the protocol (including 200,000 DAI and 1101.8 ETH).

Oracle Manipulation

Deus Finance has confirmed an exploit involving the manipulation of its oracle, Muon. It also announced closure of its DEI lending contract following the oracle exploit.

The exploit was conducted using a flash loan, a mechanism that allows users to borrow and return a specific amount of funds within the same smart contract function. Flash Loans are mainly used to take advantage of arbitrage opportunities involving the difference in price of one token in various DeFi protocols.

Deus Finance relies on an oracle called Muon to provide offchain data to its smart contracts. In this case, the flash loan has managed to manipulate the oracle that updates the price from the USDC/DEI pools in Solidly and Spirit. The attack has caused a depeg between the token pair, resulting in a cascade of liquidations and users becoming insolvent. At the same time, the unknown exploiter used TornadoCash, a protocol that helps obfuscate smart contract transactions and make traceability more difficult, after bridging the funds in and out of the Fantom chain.

The full transaction execution can be seen here.

According to the project’s website, Deus Finance Evolution is a DeFi platform that provides open source infrastructure allowing third parties to build financial instruments such as synthetic stock, options, and prediction market trading platforms.

The project is compatible with the Fantom, Ethereum, Polygon and Avalanche blockchains, among others, and uses the native token DEI, a cross-chain stablecoin that allows users to send a stablecoin to any compatible chain and claim it on the other side with zero slippage. DEI is also utilized as the collateral mechanism for all third-party applications built on Deus.

A core developer of the protocol has tweeted a reimbursement notice assuring that the team is working on fixing the issue, and will be reimbursing everyone affected by the exploit via a smart contract. This solution will allow affected users to recover their losses. The reimbursement will be paid through the team’s personal and DEUS DAO funds.

In addition, Lafayette Tabor (the core developer mentioned above) has published a post mortem in his Medium channel stating that the team would take some actions following the hack:

Your funds and our system are safe, we deactivated all affected contracts and have been in contact with MUON to upgrade our oracles immediately to mitigate further risks for future implementations, we also contacted some security researchers to take a look at our architecture.”

The hack happened just over a week after prominent DeFi developers Anton Nell and Andre Cronje made the controversial decision to stop contributing in the crypto space. Much of Cronje’s work was related to projects in the Fantom ecosystem. Since the announcement Fantom token has dropped 40% and is currently trading at $1.08, down 68.8% from its $3.46 all-time high in Oct. 2021.

In response to the tweet from Anton Nell on March 6th (announcing departure from the crypto space) Deus Finance announced its intention of capturing some of the NFT space market share by building a money market on top of the veNFT so users could hold liquid positions against their NFTs,  borrow against, and sell them in the market.

Deus has had a noticeable price action since inception at the start of Oct. 2021. In the last 60 days the price has risen 1,267%. It’s all time low was $23.58 and it is currently sitting at $425.

Disclosure: At the time of writing, the author of this piece owned ETH, and several other cryptocurrencies. 

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

NFT Express: Your on-ramp to the world of NFTs

At Tatum, we’ve already made it super easy to create your own NFTs on multiple blockchains without having to learn Solidity or create your own smart contracts. Anyone can deploy…

$5M in Ethereum Lost in THORChain Exploit

THORChain is the latest DeFi attack victim.  THORChain Pauses Network After Attack  THORChain has been exploited.  The DeFi network, which focuses on cross-chain interoperability between protocols like Bitcoin and Ethereum,…

$120M Lost in BadgerDAO DeFi Hack

BadgerDAO, a DeFi protocol for earning yield with tokenized Bitcoin on Ethereum, has fallen victim to an attack. The hacker reportedly added a malicious script to the protocol’s frontend website,…

$136M Lost as Cream Finance Suffers Another Flash Loan Attack

Decentralized lending protocol Cream Finance has been hit by a major flash loan attack. The assailant borrowed $2 billion from Aave and made off with over $136 million worth of…

Read More