Summary

This section of the Gitbook is currently being updated, as the DEUS team is actively involved in fund recovery and capturing snapshots of user balances to prepare for the return of the reclaimed funds. At present, the recovery rate for

We are currently estimating a recovery of 71%. (including all LPs across all chains)

Example with recovery values above: someone held 10000 $ as 5,000 DEI and 5,000 USDC he will be getting 5,000 fully backed DEI + 2100 USDC back = 71% recovered

Incident

On 5th May at approximately 19:52 Berlin Time, the DEUS Finance project and its DEI token listed on the Chronos Exchange on the Arbitrum platform experienced a significant security breach due to a bug in the DEI token implementation. An unknown attacker exploited the implementation and stole all funds from the underlying Liquidity Pool. Amidst the turmoil, numerous users bought, sold, and transferred their DEI tokens, exacerbating the situation. The projected loss for users of the DEUS Finance platform currently stands at approximately 10 million.

Recovering funds

The team opened communication channels with the attacker through on-chain messages, recovering 4 million in stablecoins from the initial 5m lost.

Other whitehats helped to rescue and return funds, in total 1.5m USDC.

On BSC, we secured 1,070,127 DAI, held at this address: 0x7f5ae1dc8d2b5d599409c57978d21cf596d37996.

Holdings from the USDC depeg in the multi-signature wallet (msig), with the address 0x5b598261c2a8a9b2fb564ff26be93b79a87e554d.

The holdings are as follows: 1,955,000 DAI 1,161,000 USDT 450,000 USDD 200 USDC

On Fantom (FTM), the PoolUSDC holds 2,466,698 at these address: 0x6e0098a8c651f7a6a9510b270cd02c858c344d94

In summary, we have successfully solidified our liquid assets position. Considering all the transactions mentioned earlier and holdings, our total liquid assets as DEI backing currently stand at 12,016,223.

Key Events and Findings:

1. 5th May, 19:52 Berlin Time. - Initial detection of unauthorized activity within the Chronos Exchange. An unknown attacker exploits a bug in the DEI token implementation, stealing all funds from the Liquidity Pool.

2. On 5th May, shortly after the attack - the DEUS team was notified of the issue and reacted to identify the root cause and stop the attack, involving whitehats and creating a war room. However, panic ensues as users buy, sell, and move their DEI tokens, further damaging others.

3. 5th May, late-night - The DEUS team contacts Circle and the Arbitrum Foundation to discuss freezing the hacker's funds without success. The hacker swaps his stolen USDC into wETH potentially to protect himself from Circle freezing his account. The DEUS team freezes all contracts and whitehats abusing the exploit to burn DEI from all users directly, removing their balances.

4. 6th May - DEUS team collaborates with Chainalysis, an intelligence agency specializing in cryptocurrency-related crime cases, to create a case report and open a criminal case.

5. 7th May - Another message is being sent to the main attacker to motivate him to communicate, and an official case report with the police is being filed.

6. 7th May - Initial attacker responded to the team's message and successfully returned 2023 ETH to the team that was swapped into USDC, and brought the total recovered funds to 12,734,935.84.

7. 8th May & still ongoing, the DEUS team has been laboring tirelessly to reinstate DEI balances. The unique nature of the attack presented whitehats with opportunities to halt the hack by taking advantage of the exploitable burnFrom implementation to eradicate and burn all user balances, thereby mitigating the potential for further damage. However, this proactive measure has resulted in the restoration of balances being an enormous task, likely to take at least two weeks or potentially longer. We are currently dedicating most of DEUS' resources to this task and will continue to provide updates as more information becomes available.