Deus Finance Suffers $6.5 Million Hack Across Multiple Networks

Summary

On May 5, 2023, Deus Finance, a DeFi protocol operating across Ethereum, Arbitrum, and BNB Chain, experienced a severe security breach. A vulnerability in the $DEI token contract allowed attackers to unauthorizedly burn and transfer tokens, culminating in losses estimated at $6.5 million.

Attackers

The identity of the hackers who attacked Deus Finance is unknown.

Hacker Wallets:

Losses

The total loss from the Deus Finance hack amounted to approximately $6.5 million, distributed across the following networks:

Timeline

  • May 05, 2023, 05:52 PM UTC: The first malicious transaction occurred.
  • May 06, 2023, 06:21 PM UTC: Deus Finance reported a hack.
  • May 07, 2023, 09:02 AM UTC: Deus Finance confirmed that a portion of those stolen funds had been successfully returned to the team.
  • May 09, 2023 Immunebytes published a detailed analysis of the incident.

Security Failure Causes

  • Smart Contract Vulnerability: The significant security breach in Deus Finance originated from a flaw within the token contract, specifically in how token allowances were handled. This error permitted unauthorized burning and transferring of tokens. By exploiting this vulnerability, attackers could gain control over another user’s tokens without permission and transfer them to their accounts.