The DEI stablecoin suffered a multichain exploit on Arbitrum, Ethereum, and BNB Smart Chain (BSC) that resulted in a loss of about $6.5 million, although some of the stolen funds have now been returned.
DEI stablecoin issuer Deus Finance confirmed that one of its exploiters returned $1.07 million DAI to its multi-signature wallet. On May 6, the protocol said it would treat refunds as a white hat rescue and offered a 20% bounty.
How DEI Was Exploited
Blockchain security firm BlockSec reported that the exploiter took advantage of a newly added function that was poorly implemented. The flawed implementation left the function acting as a public burn, and the exploiter used it to manipulate the token price.
Most of the stolen funds came from Arbitrum, where the hacker made over $5 million and then swapped most of the profits for 2529 ETH.
The hacker also bridged $10,000 USDC to Binance Smart Chain (BSC) using Multichain, exchanging the USDC for ETH before bridging back to Ethereum.
The hacker made about $1.3 million on BSC and transferred all the funds to another address, 0xdf61. The address then converted the funds from BUSD to DAI. Additionally, the exploiter made $135,000 on Ethereum and immediately converted the funds into ETH.
BlockSec noted that the exploiter got its initial funding from Tornado Cash and Binance.
White Hat Hackers Helped to Limit Damage
On May 6, Deus Finance announced that it had suspended the affected contracts and burned DEI with the help of white hat hackers to prevent additional damage. It added that it would release a postmortem later.
Meanwhile, the damage appears to have been limited by white hat hackers who front-ran some transactions. PeckShield reported that a bot successfully front-ran the BSC hack.
This is the third time Deus has been exploited in the past year. Between March and April 2022, the protocol lost around $16 million to flash loan attacks.
Efforts Continue to Restore DEI Peg
The DEI stablecoin lost its peg after the attack. It is trading at $0.34 as of press time, according to BeInCrypto data. Deus has started efforts to restore the peg, which will involve burning all outstanding DEI and increasing backing for other users.
“Users are advised to remain patient and not interact with current DEI contracts until a concrete redemption plan is available,” the protocol said.