- The breach led to a loss of over $5m on Arbitrum, and $1.3m in BNB Smart Chain
- DEUS had paused all contracts, and DEI tokens on chains were burnt to prevent further damage
- Following the exploit, the DEI stablecoin de-pegged, falling to as low as $0.28
Leading Decentralized Finance (DeFi) protocol DEUS has been subject to an exploit leading to a loss of over $6 million. The hacker reportedly exploited a vulnerability in the BNB Smart Chain (BSC) on May 5, as per blockchain security firm PeckShield.
Confirming the security breach, DEUS tweeted that it has paused all contracts, and DEI tokens on chains were burnt to prevent further damage. DEI is a stablecoin used as a collateral mechanism for third-party instruments built on the Fantom-based DeFi protocol DEUS Finance. The Defi platform further added that they are in the process of comprehending the actual backing of DEI tokens.
“After evaluating all balances, we will formulate a comprehensive recovery and redemption plan”, the tweet reads.
As per reports, a bot started the hack on the BSC, causing a loss of over $1.3 million. The attacker further targeted the Arbitrum network, with ARB/ETH deployments losing approximately $5 million.
The Defi platform confirmed that it had lost $5m from the Arbitrum network and $1.3m on the BSC. DEUS noted that the white-hat hackers determined that a vulnerability in DEI’s smart contract allowed anyone to mint a new DEI without any control. The attackers took leverage of this loophole and attempted to drain DEI from the affected networks.
Following the exploit, the DEI stablecoin de-pegged, falling to as low as $0.28 after a 71% fall. This is not however DEI’s first major setback in recent times. During the Terra-LUNA collapse in 2022, DEI depegged falling below a concerning $0.60.
This is not eth first-time DEUS finance has been subject to a security breach. Last year, hackers managed to exploit and manipulate a price oracle for flash loans, resulting in over $3 million in losses in Dai (DAI) and Ether for DEUS. The hacker behind the 2022 DEUS finance attack then funnelled the stolen funds using the coin mixer tool Tornado Cash via the Multichain Protocol.