Deus rekt machina.
Five months have passed since we last reported a flash loan attack, but they used to be commonplace.
Is DeFi growing stronger?
A flash loan attack was used to manipulate the balance of the Solidex USDC/DEI pool, which is used as an oracle for collateral value on Deus Finance’s $DEI lending contract.
This resulted in user positions becoming insolvent, which the hacker’s contract liquidated, before repaying the flash loan.
1: Flashloan 9,739,342 DEI via SPIRIT-LP_USDC_DEI
2: Flashloan 24,772,798 DEI out of the sAMM-USDC/DEI pair (used as price oracle to calculate collateral value)
3: Liquidate the users who become insolvent from Step 2
4: Repay the borrowed 24,772,798 DEI to the sAMM-USDC/DEI pair
5: Burn the liquidated LP token to get 5,218,173 USDC + 5,246,603 DEI
6: Swap 5,218,173 USDC to 5,170,594 DEI
7: Repay flashloan with 3,001,552 DEI as hack profit
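The oracle weakness behind these steps, as an added example (not code from Deus Finance or from the original post): a simplified Python model in which LP collateral is valued from the pair's current balances, next to a guard that rejects readings far from a slow-moving reference. The pool size, the position, the 80% liquidation threshold, the 2% deviation bound and all names are constructed assumptions; only the 24,772,798 DEI figure comes from the steps above.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    usdc: float       # USDC held by the pair
    dei: float        # DEI held by the pair
    lp_supply: float  # LP tokens outstanding

def spot_lp_value(pool: Pool) -> float:
    """Naive oracle (assumed model): value one LP token from current balances,
    treating both stablecoins as worth $1."""
    return (pool.usdc + pool.dei) / pool.lp_supply

def is_solvent(lp_collateral: float, debt: float, lp_value: float,
               liq_threshold: float = 0.8) -> bool:
    """A position is safe while discounted collateral value covers the debt."""
    return lp_collateral * lp_value * liq_threshold >= debt

class GuardedOracle:
    """Hardened reading: refuse any spot value that strays from a slow-moving
    reference, so a single-transaction balance swing cannot set the price."""
    def __init__(self, reference: float, max_dev: float = 0.02, alpha: float = 0.1):
        self.reference, self.max_dev, self.alpha = reference, max_dev, alpha

    def read(self, pool: Pool) -> float:
        spot = spot_lp_value(pool)
        if abs(spot - self.reference) / self.reference > self.max_dev:
            raise ValueError(f"spot {spot:.4f} deviates from reference {self.reference:.4f}")
        # Move the reference only a fraction of the way toward the new reading.
        self.reference += self.alpha * (spot - self.reference)
        return self.reference

# Constructed pool and position; only DEI_REMOVED is a figure from the write-up.
DEI_REMOVED = 24_772_798
normal = Pool(usdc=30_000_000, dei=30_000_000, lp_supply=60_000_000)
drained = Pool(normal.usdc, normal.dei - DEI_REMOVED, normal.lp_supply)

def demo() -> dict:
    guard = GuardedOracle(reference=spot_lp_value(normal))
    try:
        guard.read(drained)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "solvent_normal": is_solvent(1_000, 700, spot_lp_value(normal)),
        "solvent_drained": is_solvent(1_000, 700, spot_lp_value(drained)),
        "guard_blocked": blocked,
    }
```

With the naive reading, the same 1,000 LP position backing 700 of debt flips from solvent to liquidatable while the DEI is out of the pair; the guarded reading refuses to price it at all until balances return to normal.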
The project’s token, DEUS, dropped ~40% in the hour following the attack and, despite some recovery, remains volatile.
Deus have announced that they will reimburse affected users, returning liquidated collateral to those who return their DEI debts.
Flash loan season taught even non-technical users about the importance of price oracles.
Security standards emerged from our baptism of fire, and the industry learned and moved forward.
Why didn’t Deus DAO have a more robust system in place?