Hackers use flash loans to attack multiple DeFi protocols

One after the another, DeFi protocols Deus, Agave, and Hundred reported multiple million-dollar exploits after hackers attacked their platforms using flash loans.

We are aware of the recent exploit reports regarding the $DEI lending contract.

Contract has been closed, both $DEUS & $DEI are unaffected. Devs are working on a summary of the events, all information will be communicated once we have assessed the full situation.

— DEUS Finance DAO (@DeusDao) March 15, 2022

Deus Finance, a crypto derivatives platform on Fantom protocol, reportedly lost over millions in Ether and DAI on Tuesday after a hacker used flash loans against the platform’s price oracles. While Deus did not reveal the exact amount of money that was stolen, security firm PeckShield estimated the exploit to be around $3 million.

Hackers transferred the stolen funds for 200,000 DAI and 1,101.8 ETH via the decentralized exchange Multichain. According to Etherscan data, the attacker subsequently laundered all the illegally acquired tokens via the privacy protocol “Tornado Cash.”

Deus has now released a post mortem report detailing the nature and timeline of the hack. The protocol has taken full responsibility for the hack and plans to reimburse all user funds from personal and DAO treasuries. The report read:

“This means that the sAMM inside the borrowing contract will be replenished and the balances of users that got affected will be restored to the value they had prior to the exploit.”

Similarly, two Gnosis chain-based protocols Agave and Hundred reported hacks of similar nature on March 15. The hackers have reportedly stolen about $11 million worth of Wrapped ETH, Wrapped BTC, Chainlink, USDC, Gnosis, and Wrapped XDAI in a re-entrancy attack.

Unfortunately Hundred and Agave have both been exploited on Gnosis chain today. Gnosis team is aware, investigation is ongoing.

All the Hundred markets on all chains paused for now.

These are the two transactions:
Hundred https://t.co/mdtViohijn
Agave https://t.co/RKB5MVx0O4

— Hundred Finance (@HundredFinance) March 15, 2022

“The underlying reason for the hack is that the official bridged tokens on Gnosis are non-standard and have a hook that calls the token receiver on every transfer. This enables reentrancy attacks,” Blockchain developer and security researcher Mudit Gupta tweeted, analyzing the reason behind the hack.

The post Hackers use flash loans to attack multiple DeFi protocols appeared first on Our Bitcoin News.