The DEUS Finance Breach: A Troubling Weekend for DeFi

In a significant blow to decentralized finance (DeFi), DEUS Finance fell victim to a major cybersecurity breach last weekend. The breach led to losses of over $6 million. Despite the extensive damage, swift and coordinated recovery efforts have managed to restore a substantial part of the stolen funds.

Unraveling the DEUS Finance Cyberattack: DEI Stablecoin in the Crosshairs

Blockchain security experts at PeckShield disclosed that the attackers exploited DEUS Finance’s DEI stablecoin on two principal networks: the BNB Smart Chain and Arbitrum. DEI, designed to hold a consistent value of $1, is currently trading at a mere $0.28, according to CoinMarketCap, significantly deviating from its intended peg.

Deconstructing the Public Burn Exploit

Hi @DeusDao: it appears to be a pubic burn vulnerability with loss > $1.3M alone at BSC. The ARB/ETH deployments are also affected.

The BSC hack was successfully frontrun by a bot: https://t.co/hXskQOIfwV

The DEI token @ BSC was upgraded on Apr-10-2023 https://t.co/QJHwnZaXMk pic.twitter.com/C51CnVsg1B
— PeckShield Inc. (@peckshield) May 5, 2023

PeckShield, through a tweet, revealed that the attackers utilized a vulnerability called ‘public burn’ on the BNB Smart Chain, resulting in the loss of over $1.3 million. Concurrently, the breach also affected Arbitrum, leading to an additional loss of more than $5 million. Users of the Ethereum layer 2 scaling solution identified a significant error in the token contract as the core issue.

DEUS Finance’s Vigorous Recovery Initiative

In a collaborative effort, the user who discovered the issue also joined the recovery process, using white hat hacking methods to retrieve the stolen assets. DEUS Finance later confirmed on Twitter that the recouped funds were safely stored in a multi-signature wallet, under the supervision of the DeFi developer @lafachief and the trusted team at Yearn Finance DeFi project.

DEI has been exploited on Arbitrum, possibility other networks too. The root cause is a basic implementation error in the token contract.https://t.co/CbvKFz86PR pic.twitter.com/xxc98QeMyB
— adamb (@adamb83024264) May 5, 2023

At present, the wallet holds 2,023 ETH tokens, equating to around $3.8 million. These funds were received from an account named “Deus DEI Exploiter”. The wallet also stores DEUS tokens worth $158,857 and USDC stablecoin valued at $702,370. The fate of the remaining stolen funds is uncertain, and whether the affected users will receive full compensation remains a question.

Navigating the Future: DEUS Finance After the Breach

We officially confirm that Whitehatted funds that were collected by @adamb83024264 & @pcaversaccio https://t.co/g8ixpaT85U

Have been returned to a special designated 2/3 recovery multisig managed by @lafachief and trusted members of @yearnfi

msig address:… https://t.co/3z84P3XCQC
— DEUS (@DeusDao) May 7, 2023

The DEUS Finance breach serves as a stark reminder of the persistent cybersecurity threats in the DeFi landscape. While the recovery initiative has yielded impressive results, preventative strategies to avoid such incidents are urgently needed. It’s yet to be seen how DEUS Finance and the larger DeFi industry will respond to this demand.

***

Debangshu

Debangshu is a content writer specializing in the Crypto and DeFi beats. Moreover, he holds 3 years of writing experience in technical niches. He has produced content for a wide range of publications and news outlets, ranging from cryptocurrency-oriented websites to corporate websites.

Post Views: 7,592

Categories

Ecosystem

Rebase Integrates with LayerZero to unleash Cross-Chain Potential!

A Promise to Prioritizing Crypto Users’ Interests From Products to Services

CoinEx Takes the Center Stage as the Official Title Sponsor for BlockTalks Event in Bengaluru

AFAQ Group Announces the 24th Financial Expo-QFEX

About

Recent Posts

TAGS