Deus Finance Stablecoin Contract Exploited For $6 million

Decentralized finance (DeFi) protocol Deus Finance has lost over $6 million due to a security breach on its stablecoin DEI (DEI). The hacker exploited a vulnerability in the BNB Smart Chain (BSC) on May 5th, according to blockchain security firm PeckShield.

A bot initiated the hack on the BSC, which led to a more than $1.3 million loss. The attacker also targeted the Arbitrum network, with ARB/ETH deploymfents losing over $5 million. Security researchers claim the token contract had a basic implementation error as the root cause, over $DEI, which is a fractional reserve stablecoin forked from frax.finance.

Update on DEI tokens security breach

Yesterday:
In response to the security breach, all contracts were paused, and DEI tokens on chains were burnt to prevent further damage

— DEUS (@DeusDao) May 6, 2023

Deus Finance is a decentralized marketplace that allows for digital and non-digital assets, such as commodities, to be traded on the Ethereum blockchain. The platform operates using a peer-to-peer bilateral agreement system, enabling digitized derivatives to be cleared directly between two parties in a trustless manner. Decentralized threshold-signature-based oracles help verify agreements by providing economic-driven third-party market observations.

The marketplace uses an n-dimensional "request for Quote" system, which lets liquidity providers produce derivatives with their preferred rulesets, creating unlimited market access. Users can create an immutable "request for Quote" on the blockchain with their desired trade parameters, allowing third-party order matching engines to connect sellers with buyers.

In Deus Finance's particular implementation, "n-dimensional" refers to a system that can have multiple variables or parameters influencing the outcome or decision-making process, where n represents an arbitrary number of dimensions, which can be customized to accommodate various factors or conditions.

Such a system allows liquidity providers to create derivatives with their preferred rulesets, considering multiple parameters simultaneously, leading to a more flexible and personalized trading environment. This approach contrasts with traditional order book-based exchanges that typically use a single variable, such as price, to match orders and limit market variety.

Deus Finance's $DEI has already lost its peg with the U.S. dollar last year.

In response to the attack, the protocol paused all contracts and burned DEI tokens to prevent further damage. “We are currently in the process of comprehending the actual backing of DEI tokens,” said the Deus team on Twitter, adding that a “comprehensive recovery and redemption plan” will be created after a full analysis of the balances and snapshots.

DEI is used as a collateral mechanism for third-party instruments built on the Fantom protocol. Its price dropped 30% over the past 24 hours, data from CoinMarketCap shows. The stablecoin is trading at $0.20 at the time of writing, losing its $0.30 peg. Last year, the stablecoin also lost its $1 peg after the Terra collapse.

This is not the first time that Deus Finance has been hacked. The protocol was exploited in March 2022 in a flash-loan attack, resulting in over $3 million in losses in Dai (DAI) and Ether (ETH). At the time, PeckShield revealed the exploiters funneled the stolen funds using the crypto mixer Tornado Cash.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.