DEUS Finance Stablecoin Hack Leads to $6 Million Loss – Here’s What Happened
DeFi protocol DEUS Finance lost more than $6 million in a hack over the weekend which exploited a vulnerability in the stablecoin DEI, but a large chunk of it has now been recovered.
According to blockchain security firm PeckShield, the attack targeted DEUS Finance’s own stablecoin DEI on the networks BNB Smart Chain and Arbitrum.
DEI, which is supposed to be pegged at $1, hasn’t traded at its intended peg since May of last year, and at the time of writing the price stood at $0.28, data from CoinMarketCap shows.
Public burn attack
The BNB Smart Chain attack was reportedly carried out thanks to a so-called public burn vulnerability, leading to a loss of more than $1.3 million from the blockchain, PeckShield wrote in a tweet this weekend.
The attack also targeted Arbitrum, leading to a loss of more than $5 million from that network.
Arbitrum is a layer 2 scaling solution for Ethereum, and the network operates with its own ARB token.
Further details about the attack were also shared in PeckShield’s tweet:
The arbitrum deployment was hacked w/ loss > $5m and here is the related tx: https://t.co/F0nVJL0LP5 pic.twitter.com/c6rGOC5mC9
— PeckShield Inc. (@peckshield) May 5, 2023
Other users also shared details on the attack, with one user claiming the root cause was a “basic implementation error in the token contract.”
DEI has been exploited on Arbitrum, possibly other networks too. The root cause is a basic implementation error in the token contract. https://t.co/CbvKFz86PR pic.twitter.com/xxc98QeMyB
— adamb (@adamb83024264) May 5, 2023
Recovery efforts
The same user who pointed out the cause of the attack also said he has taken part in efforts to recover some of the lost funds, using so-called white hat hacking techniques.
He added a day later that recovered funds have been sent to a special wallet managed by DeFi developer @lafachief and “trusted members” of the Yearn Finance DeFi project.
Whitehatted funds have been sent to a special 2/3 recovery multisig that is being managed by @lafachief and trusted members of @yearnfi. (See txs here: https://t.co/YRdAaMaEca)
Best of luck to everyone with the ongoing recovery effort. https://t.co/irb9jxoOTT
— adamb (@adamb83024264) May 6, 2023
The team behind DEUS later confirmed on Twitter that the recovered funds had been collected, saying they are now held in a multi-signature wallet.
At the time of writing, the wallet referred to holds 2,023 ETH tokens, worth some $3.8 million. The ETH was received from an address marked as “Deus DEI Exploiter” on Sunday.
Additionally, the wallet holds $158,857 worth of DEUS tokens and $702,370 worth of the stablecoin USDC.
We officially confirm that Whitehatted funds that were collected by @adamb83024264 & @pcaversaccio https://t.co/g8ixpaT85U
Have been returned to a special designated 2/3 recovery multisig managed by @lafachief and trusted members of @yearnfi
msig address:… https://t.co/3z84P3XCQC
— DEUS (@DeusDao) May 7, 2023
It remains unknown at this point whether the rest of the missing funds will be recovered, and if affected users can count on being made whole.