DeFi protocol DEUS Finance lost more than $6 million over the weekend in a hack that exploited a vulnerability in the stablecoin DEI, but a large portion of it has now been recovered.
According to blockchain security firm Peckshield, the attack targeted DEI, DEUS Finance’s own stablecoin, on BNB Smart Chain and the Arbitrum network.
DEI, which should be pegged at $1, hasn’t traded at its intended peg since May of last year, and the price stood at $0.28 at the time of writing, data from CoinMarketCap shows.
Public burn attack
Peckshield wrote in a tweet this weekend that the BNB Smart Chain attack was allegedly carried out through a so-called public burn vulnerability, which resulted in a loss of over $1.3 million on that chain.
The attack also targeted Arbitrum, causing over $5 million in losses on that network.
Arbitrum is a layer 2 scaling solution for Ethereum, and the network operates on its own ARB token.
Peckshield’s tweet also shared more details about the attack.
Other users also shared details on the attack, with one user claiming that the root cause was a “basic implementation error in the token contract.”
Recovery efforts
The same user who pointed to the cause of the attack also said that he participated in efforts to recover some of the lost funds, adding that he was attempting to use so-called white hat hacking techniques to do so.
He added a day later that the recovered funds were sent to a special wallet managed by DeFi developer @lafachief, a “trusted member” of the Yearn Finance DeFi project.
The team behind DEUS later confirmed on Twitter that the recovered funds had been collected, adding that they are now held in a multi-signature wallet.
At the time of writing, the wallet in question holds 2,023 ETH tokens, which are worth approximately $3.8 million. The ETH was received on Sunday from an address marked “Deus DEI Exploiter”.
Additionally, the wallet holds $158,857 worth of DEUS tokens and $702,370 worth of USDC stablecoins.
It is unknown at this point whether the rest of the missing funds will be recovered, and whether affected users can count on full recovery.