Menu
Browse

Cyber Threat Actor: Deus Hacker

Actor Type Location Known Incidents
 Icon
Criminal
Brazil
1 incident
Profile

Deus Hacker is a threat actor publicly associated with financially motivated attacks targeting decentralized finance (DeFi) ecosystems. The entity operates under this singular alias, with no additional monikers confirmed in open-source reporting. Publicly available information places the actor’s activity within Brazil, though no further geographic specifics or organizational structure is documented. Its operations center on exploiting vulnerabilities in blockchain-based financial protocols to extract cryptocurrency assets, reflecting a focus on theft rather than disruption or espionage.

The actor’s sole publicly reported operation involved a flash loan attack against a DeFi platform in April 2022, resulting in losses exceeding $13 million. This campaign leveraged a variant of the flash loan technique, borrowing $143 million in cryptocurrency to artificially manipulate the price of a stablecoin, enabling the illicit acquisition of funds. The attacker subsequently obscured transaction trails using a cryptocurrency mixer, complicating asset recovery. The targeted platform acknowledged protocol-level financial impacts but emphasized no direct compromise of user wallets, temporarily suspending lending services to mitigate further exposure. This incident followed a similar but smaller-scale attack weeks prior against the same platform, netting approximately $3 million, indicating a pattern of recurring exploitation against DeFi protocols with unpatched smart contract flaws or price oracle weaknesses. Deus Hacker’s tactics demonstrate familiarity with blockchain transaction mechanics, specifically the abuse of rapid, uncollateralized loans and liquidity pool imbalances to create artificial price discrepancies. No malware, phishing infrastructure, or persistent access methods are referenced in attributed incidents, suggesting operations reliant on protocol manipulation rather than endpoint compromise. There is no evidence of state affiliation or collaboration with criminal consortiums in available reporting.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources