After the flash loan attack on Deus, in which around $3 million was stolen, Deus released a statement through Medium assuring the community that steps were being taken to keep user funds safe and that the team was working to improve the security of the protocol.
The Aftermath Of The Attack
The Deus statement revealed that despite the scale of the attack, the system and user funds remained safe. The team has also moved quickly to deactivate all affected contracts and is in constant touch with MUON to upgrade all existing oracles to mitigate any further risk. Additionally, the team has reached out to independent security researchers to examine the protocol's existing architecture.
The statement also revealed that the team at Deus became aware of the attack on Mar-15-2022 07:30:00 AM +UTC. The team swung into action and immediately stopped the contracts on Mar-15-2022 07:40:00 AM +UTC. After learning about the lost funds on Mar-15-2022 08:30:00 AM +UTC, the team decided to reimburse affected users from their personal and DAO treasuries.
User Funds Secure
In the statement, Deus stressed that user funds were not lost and remain secure, and any user affected by the exploit will be entirely reimbursed. To explain further, the sAMM within the borrowing contract will be replenished, with user balances restored to the value they had prior to the flash loan attack.
Deus revealed that the reimbursement would be a 1:1 reimbursement and that it would not be using any reimbursement token to make payments to users. CEO Lafayette Tabor stated on Twitter,
“We will create a contract you will be able to repay your DEBT on it and get your sAMM that were liquidated. We will also implement a feature that lets you swap DEI against a small MUON allocation. (paying from my team allocation).”
Reimbursement Possible Thanks To Personal And Deus DAO Funds
In the statement, Deus project lead and CEO Lafayette Tabor revealed that the reimbursement is possible thanks to the huge war chest that the Deus DAO acquired in 2020 and 2021 through the Deusv1 token, which Deus offered through a continuous token offering model. He further stated that while the project may take a hit, it will ensure that the project’s development is not affected.
An Analysis Of The Attack
DeFi analytics firm PeckShield analyzed the attack on Twitter and explained how the funds were exploited: the hackers managed to manipulate a price oracle for flash loans. The analysis revealed that the hackers manipulated the price of the StableV1 AMM – USDC/DEI pair, which is used by the Deus protocol to set prices for flash loans.
The analysis further revealed that the hacker managed to steal 200,000 DAI, along with 1101.8 ETH, estimating the value of the amount stolen at around $3 million. The funds were then funneled into the coin mixer tool Tornado Cash. Deus acknowledged the analysis, stating that it had previously put in a limit that prevented more damage to the protocol.
Talking about the systems in place for the protocol’s security, Tabor stated that the protocol was working closely with MUON on the VWAP oracles, which DEUS plans to implement soon.
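The gap between a price read straight from pool reserves and a volume-weighted average over settled trades, as an added example that is not code from Deus, MUON or PeckShield. It assumes a simplified constant-product pool rather than the StableV1 curve, a constructed trade history, and hypothetical names and a hypothetical 5% deviation threshold.

```python
# Added illustration; pool model, numbers and names are assumptions.
from dataclasses import dataclass

@dataclass
class Pool:
    """Simplified constant-product pool (x * y = k), no fees."""
    usdc: float
    dei: float

    def spot_price(self) -> float:
        # USDC per DEI as read straight from the current reserves
        return self.usdc / self.dei

    def swap_usdc_for_dei(self, usdc_in: float) -> float:
        k = self.usdc * self.dei
        self.usdc += usdc_in
        dei_out = self.dei - k / self.usdc
        self.dei -= dei_out
        return dei_out

def vwap(trades):
    """Volume-weighted average price over (price, volume) pairs."""
    total_volume = sum(v for _, v in trades)
    if total_volume == 0:
        raise ValueError("no volume in window")
    return sum(p * v for p, v in trades) / total_volume

def guarded_price(pool, settled_trades, max_deviation=0.05):
    """Return the VWAP, or None when the spot price disagrees too much."""
    reference = vwap(settled_trades)
    deviation = abs(pool.spot_price() - reference) / reference
    return reference if deviation <= max_deviation else None

# Constructed sample data: trades from earlier, already settled blocks.
# A swap in the current transaction cannot enter this window.
SETTLED_TRADES = [(1.00, 1000.0), (1.01, 500.0), (0.99, 500.0)]

def demo():
    pool = Pool(usdc=1_000_000.0, dei=1_000_000.0)
    before = guarded_price(pool, SETTLED_TRADES)
    pool.swap_usdc_for_dei(4_000_000.0)  # one large swap in a single tx
    return before, pool.spot_price(), guarded_price(pool, SETTLED_TRADES)

if __name__ == "__main__":
    print(demo())
```

Because the average is weighted by volume, a large trade that does land inside the window still dominates it, so the choice of window and trade sources matters as much as the averaging itself.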