DeFi Protocol Deus Loses Over $6M in Bug Exploit

Hacker

Deus Finance, a decentralized marketplace for financial services, has lost more than $6 million in cryptocurrencies to attackers through a public burn vulnerability on its stablecoin DEI (DEI).

Deus Finance Exploited For $6.3M

According to a tweet by blockchain security firm PeckShield, the exploit, which occurred on May 5, was executed through the BNB Smart Chain (BSC) and the Arbitrum network.

The attacker exploited a vulnerability in the DEI token’s contract on BSC. The BSC hack, front-run by a bot, led to a $1.3 million loss. The security firm noted that the DEI contract on BSC was last upgraded on April 10, 2023.

The hacker also exploited the Arbitrum network’s ARB/ETH deployments, leading to losses of more than $5 million. One Twitter user named @adamb insisted that the root cause of the hack was a basic implementation error in the DEI token contract. 

As soon as Deus discovered the hack, the protocol paused all contracts and, with the help of white hat hackers, burned all DEI tokens on chains to mitigate the damage. 

“We are currently in the process of comprehending the actual backing of DEI tokens. To achieve this, snapshots of all DEI balances are taken before the tokens are burnt. After evaluating all balances, we will formulate a comprehensive recovery and redemption plan,” Deus said.

Not the First Time

The decentralized marketplace further informed users stuck during their attempts to arbitrage after the hack that there would be an evaluation, which may allow them to reverse the transactions.

The Deus team assured users that the protocol’s current v3 system, which is isolated from DEI, was unaffected by the hack. Users were advised to stay away from the current DEI contracts until a redemption plan was finalized.

DEI lost its $1.00 peg and plunged by 71% immediately after the hack to $0.293, according to data from CryptocurrenciesToWatch. At the time of writing, the token was trading at $0.343 after a slight recovery.

Meanwhile, the recent incident is not the first attack on the Deus protocol. The platform lost over $3 million in Dai (DAI) and Ether (ETH) in March 2022 via a flash loan attack.