Deus Finance Suffers $6.5 Million Hack Across Multiple Networks

May 5, 2023

Summary #

On May 5, 2023, Deus Finance, a DeFi protocol operating across Ethereum, Arbitrum, and BNB Chain, experienced a severe security breach. A vulnerability in the $DEI token contract allowed attackers to unauthorizedly burn and transfer tokens, culminating in losses estimated at $6.5 million.

Attackers #

The identity of the hackers who attacked Deus Finance is unknown.

Hacker Wallets:

Ethereum:
- 0x189cf534de3097c08b6beaf6eb2b9179dab122d1
Binance Smart Chain:
- 0x5a647e376d3835b8f941c143af3eb3ddf286c474
Arbitrum:
- 0x189cf534de3097c08b6beaf6eb2b9179dab122d1

Losses #

The total loss from the Deus Finance hack amounted to approximately $6.5 million, distributed across the following networks:

Arbitrum: $5 million
BNB Chain: $1.3 million
Ethereum: $135,000

Timeline #

May 05, 2023, 05:52 PM UTC: The first malicious transaction occurred.
May 06, 2023, 06:21 PM UTC: Deus Finance reported a hack.
May 07, 2023, 09:02 AM UTC: Deus Finance confirmed that a portion of those stolen funds had been successfully returned to the team.
May 09, 2023 Immunebytes published a detailed analysis of the incident.

Security Failure Causes #

Smart Contract Vulnerability: The significant security breach in Deus Finance originated from a flaw within the token contract, specifically in how token allowances were handled. This error permitted unauthorized burning and transferring of tokens. By exploiting this vulnerability, attackers could gain control over another user’s tokens without permission and transfer them to their accounts.

Market Health Metrics API

Benford's Law

Volume distribution analysis

Time-of-Trade

Buy/Sell Ratio

VWAP

Attack Types

Entity Types

Target Entities

51% Attacks

Custodian Attacks

Flash Loan Attacks

Lockout Scams

Phishing Attacks

Reentrancy Attacks

Rug Pull Scam