After the flash loan attack suffered by Deus that saw around $3 million stolen by the attacker, Deus released a statement through Medium, assuring the community that steps were being taken to ensure that user funds remained safe and that the team was working to improve the security on the protocol.
The Aftermath Of The Attack
The Deus statement revealed that despite the scale of the attack, the system and user funds remained safe. The team has also moved quickly to deactivate all affected contracts and is in constant touch with MUON to upgrade all existing oracles to mitigate any further risk. Alternatively, the team has also reached out to independent security researchers to examine all existing architecture of the protocol.
The statement also revealed that the team at Deus became aware of the attack on Mar-15–2022 07:30:00 AM +UTC. The team swung into action and immediately stopped the contracts on Mar-15–2022 07:40:00 AM +UT. After learning about the lost funds on Mar-15–2022 08:30:00 AM +UTC, the team decided to reimburse affected users from their personal and DAO treasuries.
User Funds Secure
In the statement, Deus stressed that user funds were not lost and remain secure, and any user affected by the exploit will be entirely reimbursed. To explain further, the sAMM within the borrowing contract will be replenished, with user balances restored to the value they had prior to the flash loan attack.
Deus revealed that the reimbursement would be a 1:1 reimbursement and that it would not be using any reimbursement token to make payments to users. CEO Lafayette Tabor stated on Twitter,
“We will create a contract you will be able to repay your DEBT on it and get your sAMM that were liquidated. We will also implement a feature that lets you swap DEI against a small MUON allocation. (paying from my team allocation).”
Reimbursement Possible Thanks To Personal And Deus DAO Funds
In the statement, Deus project lead and CEO Lafayette Tabor revealed that the reimbursement is possible thanks to the huge war chest that the Deus DAO acquired in 2020 and 2021. This is thanks to the Deusv1 token that Deus offered through a continuous token offering model. He further stated that while the project may take a hit, it will ensure that the project’s development is not affected.
An Analysis Of The Attack
DeFi analytic firm Peckshield analyzed the attack on Twitter, explaining how the funds were exploited, stating that the hackers managed to manipulate a price oracle for flash loans. The analysis revealed that the hackers manipulated the price of the StableV1 AMM – USDC/DEI pair, which is used by the Deus protocol to set prices for flash loans.
The analysis further revealed that the hacker managed to steal 200,000 DAI, along with 1101.8 ETH, estimating the value of the amount stolen at around $3 million. The funds were then funneled into the coin mixer tool Tornado Cash. Deus acknowledged the analysis, stating that it had previously put in a limit that prevented more damage to the protocol.
VWAP Oracles
Talking about the systems in place regarding the protocol’s security, Tabor stated that the protocol was closely working with MUON to implement the VWAP oracles, which DEUS plans to implement soon.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Credit: Source link
Bitcoin 
Ethereum 
Tether 
BNB 
Solana 
USDC 
Lido Staked Ether 
XRP 
Dogecoin 
Toncoin 
Cardano 
Shiba Inu 
Avalanche 
TRON 
Wrapped Bitcoin 
Bitcoin Cash 
Polkadot 
Chainlink 
NEAR Protocol 
Polygon 
Litecoin 
Internet Computer 
Uniswap 
LEO Token 
Dai 
First Digital USD 
Hedera 
Ethereum Classic 
Stacks 
Aptos 
Mantle 
Cronos 
Render 
Stellar 
Cosmos Hub 
Filecoin 
OKB 
Pepe 
Renzo Restaked ETH 
Immutable 
Bittensor 
dogwifhat 
XT.com 
VeChain 
Arbitrum 
Kaspa 
Maker 
Wrapped eETH 
Optimism 
The Graph 
