Quadriga Initiative Logo.png

QUADRIGA INITIATIVE

CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM

A COMMUNITY-BASED, NOT-FOR-PROFIT

UNKNOWN

APRIL 2022

GLOBAL

DEUSDAO

DESCRIPTION OF EVENTS

"Muon is checking for SWAPS inside of solidly pool, we were working on changing that together with muon to add more sources and filter out transactions..."

 

"The attacker used some strange way of swapping, I am still looking into that. Basically "faking" a swap of ~2M USDC to 100k DEI, he manipulated the Muon VWAP price with it."

 

"Then the attacker used a flash loan to manipulate onchain price, as we are checking MUON > OnChain against the other."

 

"IT WAS NO FLASH LOAN ATTACK. it was something more sophisticated, only possible through abusing the fact that Muon only used ONE DEX as source, in the next upgrade that wouldn't be possible anymore"

 

"No user lost any money, the loss is on the protocol. Which we will cover through our veDEUS going forward."

 

"We are working together with Teams from CEXs and other agencies to recover the funds."

 

"The dev team is working on the DEI situation.

 

1. User funds are safe. No users were liquidated. 2. DEI lending has been temporarily halted. 3. $DEI peg has been restored."

 

"Closing in on the hacker @binance has frozen the assets of the suspected hacker's account as the investigation has officially commenced.

 

An action-fraud case has been opened with England's Cyber Action Fraud Police regarding the recent exploit."

 

"After scrutiny, the Foundation believes the DEUS Finance Eulogy initiative for restoration and stabilization of the fUSD peg is worth considering. Please vote to either support or oppose this plan."

Muon was being used to detect SWAPS within a solidly pool, but efforts were underway to enhance it by adding more sources and filtering transactions. The attacker manipulated Muon's VWAP price by falsely swapping ~2 million USDC for 100,000 DEI in an unconventional way. They also employed a flash loan to manipulate on-chain prices, taking advantage of Muon's use of only one DEX as a source. However, it wasn't a typical flash loan attack but something more sophisticated. Fortunately, no users lost money; the protocol absorbed the loss, and it will be covered through veDEUS. Efforts are being made, in collaboration with centralized exchanges and other entities, to recover the funds.

@DeusDao Twitter (Oct 26)
@DeusDao Twitter (Oct 26)
@FantomFDN Twitter (Oct 26)
@lafachief Twitter (Oct 26)
Fantom Transaction Hash (Txhash) Details | FtmScan  (Oct 26)
@DeusDao Twitter (Oct 26)
@DeusDao Twitter (Oct 26)
@0xOtw Twitter (Oct 26)
DEUS Finance AMA with 0xDAO 20 April - YouTube (Oct 26)
@DeusDao Twitter (Oct 26)
Fantom Transaction Hash (Txhash) Details | FtmScan  (Nov 9)
DEUS Finance Exploiter 2 | Address 0x701428525cbac59dae7af833f19d9c3aaa2a37cb | FtmScan  (Sep 14)

Sources And Further Reading

More case studies

Memeland Memelisted
Sale Scammers

Near Protocol Rainbow Bridge
First Attack Mitigated

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.