
Cyber Incident Victim: Deus Finance

Date: Apr 2022

Location: United States of America

Summary

An attacker used a variant of a flash loan attack to steal over $13 million from a decentralized finance platform. The attacker borrowed $143 million to artificially inflate the price of the platform's stablecoin, took the profit, and obscured the funds via a cryptocurrency mixer. The platform confirmed protocol losses but asserted that no user funds were impacted, and it temporarily halted lending operations while working to recover assets and address vulnerabilities. The incident followed a similar $3 million attack weeks prior, highlighting recurring security challenges in DeFi ecosystems where attackers exploit smart contract flaws and price discrepancies.


Description

On April 27, 2022, decentralized finance (DeFi) platform Deus Finance suffered an attack resulting in the theft of millions of dollars. Blockchain security firms PeckShield and CertiK identified the incident as a variation of a flash loan attack, where an attacker borrowed funds without collateral to manipulate cryptocurrency prices. The hacker executed a $143 million flash loan, purchasing 9.5 million DEI—Deus Finance’s dollar-pegged stablecoin—which artificially inflated its price. This allowed the attacker to repay the loan while retaining approximately $13.4 million in profit according to PeckShield, though CertiK estimated losses at 5,446 ETH (approximately $15.7 million). Blockchain data revealed the stolen funds were routed through Tornado Cash, a cryptocurrency mixer obscuring transaction origins. The attack exploited vulnerabilities in Deus Finance’s protocol, specifically targeting its DEI stablecoin and lending mechanisms. This marked the second flash loan attack against Deus Finance in six weeks, following a March 15 incident that caused $3 million in losses.

Deus Finance acknowledged the attack through Twitter and Telegram statements on April 28, asserting no customer funds were lost or liquidated but confirming protocol-level losses. The team temporarily halted DEI lending and restored the stablecoin’s dollar peg. A Deus developer clarified the attacker manipulated on-chain pricing via flash loans and indicated the loss would be covered through the platform’s veDEUS token mechanism. The platform collaborated with centralized exchanges (CEXs) and unspecified agencies to recover funds, while investigating a potential zero-day exploit on the Solidly exchange platform. PeckShield noted the attack’s complexity exceeded typical flash loan patterns, though the origin of the $143 million loan remained unconfirmed. The incident occurred amid escalating DeFi exploits, with Chainalysis reporting $2.2 billion stolen from DeFi protocols in 2021 and high-profile attacks like the $500 million Ronin Network breach occurring weeks earlier.
