Main navigation

Here's Exactly How Hacker Stole $13.4 Million from This DeFi Platform

Thu, 04/28/2022 - 14:28
article image
Arman Shirinyan
Another platform attacked using simple exploit scheme
Here's Exactly How Hacker Stole $13.4 Million from This DeFi Platform
Cover image via
Read U.TODAY on
Google News

PeckShield, one of the best-known blockchain security firms in the industry, shared information about, possibly, one of the biggest exploits made by hackers recently. Today, the victim is DeusDao, which is the "world-first decentralized bilateral OTC derivatives platform," with $13.7 million of funds lost with possibly even more damage.

As the security firm suggests, the hack was possible thanks to the manipulation of the price oracle via flashloan. By manipulating the price oracle, hackers could borrow and drain the pool while not paying the corresponding collateral. As PeckShield suggested, the hack scheme was not new and had been used previously for exploiting other DeFi platforms.

PeckShield also described the four exact steps that allowed a hacker or group of hackers to steal the abovementioned funds. First, hackers flashloaned $143 million USDC and swapped them to 9.5 million DEIO by using the sAMM-USDC/DEI_USDC_DEI pair, which made DEI extremely expensive. With only 71,436 DEI as collateral, the hacker could borrow 17 million DEI thanks to the price manipulation and repay the flashloan, while leaving $13 million as hack profits.

The whole exploit is possibly due to issues in the code that mess up the price oracle function responsible for proper price balancing.

Shiba Inu Price Chart Hints at Incoming Move, Indicators Reveal This

As the post suggests, the initial 800 ETH that were used to launch the hack process were withdrawn from TornadoCash coin mixing solution and then sent to Fantom by using multichain.

Following the successful hack, funds were sent back to Ethereum wallet ending in a37cb and then sent to TornadoCash once again in order to cover all tracks remaining after another hack. Most likely, the hack is tied to one of the hacker group who have repetedly attacked various DeFi and NFT projects since last month.

article image
About the author

Arman Shirinyan is a trader, crypto enthusiast and SMM expert with more than four years of experience.

Arman strongly believes that cryptocurrencies and the blockchain will be of constant use in the future. Currently, he focuses on news, articles with deep analysis of crypto projects and technical analysis of cryptocurrency trading pairs.