Multiple hack attacks have already unfolded this month, the most recent being Deus Finance DAO, which suffered a flash loan exploit and lost funds worth over $13.4 million.
Flash loans are intended for arbitrage trading and capital efficiency, and hackers have taken advantage of them to corrupt DeFi price data feeds (oracles) and carry out exploits.
As per blockchain security firm PeckShield, the hacker used a flash loan to manipulate the pricing oracle within one of Fantom’s liquidity pools, involving DEI token paired against the USDC stablecoin.
The flash-loan assisted manipulation caused DEI’s price to skyrocket. Within the same flash loan transaction, the inflated value of DEI was used as collateral to borrow further funds.
After swapping the extra borrowed funds for USDC stablecoin, the hacker repaid the flash loan, earning around $13.4 million.
The perpetrator then transferred the stolen funds from Fantom to Ethereum via Multi Chain which is now sitting in the hacker’s address. They were routed through Tornado Cash, an Ethereum transaction encryption technique.
Deus Finance says it has ceased lending of the DEI tokens as a result of the hack event. It went on to say that customer funds are safe and that further information would be coming later.
Deus also revealed that the dev team is working on the DEI situation and the $DEI peg has been restored.
And this isn’t the platform’s first exploit event. Just last month Deus Finance was compromised by hackers that led to $3M in losses in DAI and Ethereum. Here too the hacker managed to access the price oracle for flash loans, which ultimately drove funds of many users.
