Decentralized Finance (DeFi) protocol DEUS has lost over $6 million due to a security breach on its stablecoin DEI. The hacker exploited a vulnerability in the BNB Smart Chain (BSC) on May 5, according to blockchain security firm PeckShield.
A bot initiated the hack on the BSC, which led to a loss of more than $1.3 million. The attacker also targeted the Arbitrum network, with ARB/ETH deployments losing over $5 million. Twitter users claimed the token contract had a basic implementation error as the root cause.
Hi @DeusDao: it appears to be a pubic burn vulnerability with loss > $1.3M alone at BSC. The ARB/ETH deployments are also affected.
The BSC hack was successfully frontrun by a bot: https://t.co/hXskQOIfwV
— PeckShield Inc. (@peckshield) May 5, 2023
The protocol confirmed the attack, paused all contracts, and burned DEI tokens to prevent any further damage. “We are currently in the process of comprehending the actual backing of DEI tokens,” said DEUS team on Twitter, adding that a “comprehensive recovery and redemption plan” will be created after a full analysis of the balances and snapshots.
DEI is used as a collateral mechanism for third-party instruments built on Fantom protocol. Its price dropped 30% over the past 24 hours, data from CoinMarketCap shows. The stablecoin is trading at $0.20 at the time of writing, losing its $0.30 peg. Last year, the stablecoin also lost its $1 peg in the wake of Terraform Labs collapse.
It is not the first time that DEUS Finance has been hacked. The protocol was exploited in March 2022 in a flash-loan attack, resulting in over $3 million losses in Dai (DAI) and Ether (ETH). At the time, Peckshield revealed the exploiters funneled the stolen funds using the coin mixer tool Tornado cash.
DEUS Finance is a decentralized marketplace that allows digital assets and non-digital assets, such as commodities, to be traded on the Ethereum blockchain.