Here’s Exactly How Hacker Stole $13.4 Million from This DeFi Platform

AnalysisHere's Exactly How Hacker Stole $13.4 Million from This...


PeckShield, one of the best-known blockchain security firms in the industry, shared information about, possibly, one of the biggest exploits made by hackers recently. Today, the victim is DeusDao, which is the “world-first decentralized bilateral OTC derivatives platform,” with $13.7 million of funds lost with possibly even more damage.

As the security firm suggests, the hack was possible thanks to the manipulation of the price oracle via flashloan. By manipulating the price oracle, hackers could borrow and drain the pool while not paying the corresponding collateral. As PeckShield suggested, the hack scheme was not new and had been used previously for exploiting other DeFi platforms.

PeckShield also described the four exact steps that allowed a hacker or group of hackers to steal the abovementioned funds. First, hackers flashloaned $143 million USDC and swapped them to 9.5 million DEIO by using the sAMM-USDC/DEI_USDC_DEI pair, which made DEI extremely expensive. With only 71,436 DEI as collateral, the hacker could borrow 17 million DEI thanks to the price manipulation and repay the flashloan, while leaving $13 million as hack profits.

The whole exploit is possibly due to issues in the code that mess up the price oracle function responsible for proper price balancing.

Ads

As the post suggests, the initial 800 ETH that were used to launch the hack process were withdrawn from TornadoCash coin mixing solution and then sent to Fantom by using multichain.

Following the successful hack, funds were sent back to Ethereum wallet ending in a37cb and then sent to TornadoCash once again in order to cover all tracks remaining after another hack. Most likely, the hack is tied to one of the hacker group who have repetedly attacked various DeFi and NFT projects since last month.



Learn more

Latest news

Yamana Gold’s $4.8 Billion Takeover Wins Backing from Investors

(Bloomberg) -- The biggest gold acquisition in nearly a year is a step closer to reality after investors...

Fixing Water Systems In East Africa Before Problems Get Out Of Hand

When we last met Sarah Evans and Kathryn Bergmann, they were in the early days of running their...

XRP Price Analysis for January 31

Disclaimer: The opinion expressed here is not investment advice – it is provided for informational purposes only. It...

Pfizer forecasts big drop in revenue after record $100M COVID-led haul

Pfizer on Tuesday forecast a bigger-than-expected drop in sales of its COVID-19 vaccine and treatment for 2023, intensifying investor...

Nine Mistakes New Entrepreneurs Often Make With Marketing

One of the first steps entrepreneurs should take after starting their business is getting word out to the...

Must read

Yamana Gold’s $4.8 Billion Takeover Wins Backing from Investors

(Bloomberg) -- The biggest gold acquisition in nearly...

Fixing Water Systems In East Africa Before Problems Get Out Of Hand

When we last met Sarah Evans and Kathryn...

XRP Price Analysis for January 31

Disclaimer: The opinion expressed here is not investment...

You might also likeRELATED
Recommended to you