DeFi Deus Finance platform loses $15.7 million USD through flash loan attack

Deus Finance, a well-known decentralized finance (DeFi) platform has confirmed that a threat actor managed to steal millions of dollars in cryptocurrency from its systems overnight on Wednesday. The confirmation comes after blockchain analytics firms PeckShield and CertiK detected what they described as a “flash loan attack.”

In this attack variant, hackers borrow funds that do not require collateral, buy a significant amount of cryptocurrency to artificially increase its price, and then dispose of these virtual assets. The loan is settled and the borrower receives all the profits derived from this scheme.

According to PeckShield, around $13.4 million worth of cryptocurrency was stolen during the attack, although losses could increase. On the other hand, Certik estimates that the losses could exceed $15 million USD.

The Deus Finance platform gives developers a way to create financial services and is made up of two different currencies: DEI and DEUS. According to blockchain records, threat actors obtained $143 million USD in a flash loan, which they used to buy $9.5 million USD in DEI, Deus Finance’s stablecoin pegged to the US dollar. That purchase raised the price of DEI, allowing the attacker to repay the flash loan and make a net profit of around $13 million USD.

Through its official channels on Twitter and Telegram, Deus Finance assured that no client lost money: “All user funds are safe… The developers are still investigating the full scope of the attack and more details will be given soon.”

Apparently this is not the first time that Deus Finance has suffered the theft of its virtual assets. Last March, PeckShield reported that the company was the victim of a cyberattack that led to losses of more than $3 million USD, which required a prompt response from its security teams.

DeFi platforms are a frequent target of hackers, who are always analyzing their source code for exploitable vulnerabilities, in addition to taking advantage of the innate characteristics of cryptocurrencies to obtain quick profits in an undue way.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.