Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 090 · Oracle Manipulation

DEUS DAO StableV1 Oracle Manipulation

DEUS DAO lost $13.4M after pricing DEI collateral from a Solidly DEI/USDC pool that a flash-loan attacker moved, borrowing out the lending reserves.


On April 28, 2022, DEUS Finance / DEUS DAO suffered its second exploit of 2022 — approximately $13.4 million drained when an attacker manipulated the price oracle for DEI, the protocol's stablecoin, which DEUS read from a Solidly StableV1 DEI/USDC pair that a flash loan could move.

What happened

DEUS DAO's lending markets used DEI as collateral. The protocol priced DEI from a Solidly-style StableV1 DEI/USDC liquidity pair — a pool whose spot price was manipulable by anyone with enough capital, which a flash loan provides for free.

The attack:

  1. Flash-borrowed USDC to fund the manipulation.
  2. Skewed the StableV1 DEI/USDC pair by swapping into it, pushing the oracle-reported DEI price far above its true value.
  3. Deposited a modest amount of DEI as collateral on DEUS — valued, at the manipulated price, at far more than its real worth.
  4. Borrowed out the protocol's lendable reserves against the inflated collateral.
  5. Reversed the pair manipulation, repaid the flash loan, and walked away with ~$13.4M.

This was DEUS DAO's second 2022 incident — an earlier exploit in March 2022 had drained ~$3M through a related oracle-manipulation vector. The protocol had not adequately hardened its oracle dependencies between incidents.

Aftermath

  • DEUS paused affected markets and announced compensation plans funded through protocol mechanisms.
  • The attacker laundered through Tornado Cash; no public recovery.
  • DEUS DAO suffered a third exploit in May 2023 ($6.5M), making it one of the most repeatedly exploited protocols in DeFi history.

Why it matters

DEUS DAO is a striking case of repeat-incident fragility. Three exploits across 2022-2023, all involving oracle or pricing manipulation of the DEI stablecoin or related pools, illustrate a recurring pattern: post-incident remediation that focuses on the specific bug rather than the systemic root cause produces repeat exploits.

The systemic root cause at DEUS was consistent: pricing critical collateral from manipulable on-chain pools. After the March 2022 incident, the April 2022 incident exploited the same fundamental weakness through a different pool. After April, the May 2023 incident did it again. Each time, the team appears to have patched the specific manipulation path rather than adopting a manipulation-resistant oracle architecture across the board.

The lesson is the one the entire catalogue keeps teaching: the oracle is the trust boundary, and a protocol that has been oracle-exploited once and does not comprehensively re-architect its price feeds will be oracle-exploited again. DEUS DAO is one of the clearest multi-incident illustrations of exactly that.
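The gap between spot pricing and a manipulation-resistant feed, as an added example (not DEUS or Solidly code): it values DEI collateral at a pool's spot price, then through a time-weighted average with a deviation bound. The constant-product pool (a simplification, not the StableV1 curve), the reserve figures, the 2% bound and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Simplified constant-product DEI/USDC pool (assumption: not the StableV1 curve)."""
    dei: float
    usdc: float
    cumulative: float = 0.0  # running sum of price * seconds (TWAP accumulator)
    last_ts: int = 0

    def spot(self) -> float:
        return self.usdc / self.dei  # USDC per DEI, from current reserves only

    def sync(self, now: int) -> None:
        # Credit the price that held since the last update, before any trade at `now`.
        self.cumulative += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def swap_usdc_in(self, amount: float, now: int) -> None:
        self.sync(now)
        k = self.dei * self.usdc
        self.usdc += amount
        self.dei = k / self.usdc

class PriceDeviation(Exception):
    """Spot price is too far from the time-weighted reference to be trusted."""

def naive_value(pool: Pool, dei_amount: float) -> float:
    return dei_amount * pool.spot()  # the weak pattern: value collateral at spot

def guarded_value(pool, snapshot, dei_amount, now, max_dev=0.02):
    cum_then, ts_then = snapshot
    if now <= ts_then:
        raise PriceDeviation("no elapsed window to average over")
    pool.sync(now)
    ref = (pool.cumulative - cum_then) / (now - ts_then)  # TWAP over the window
    if abs(pool.spot() - ref) / ref > max_dev:
        raise PriceDeviation(f"spot {pool.spot():.2f} vs TWAP {ref:.2f}")
    return dei_amount * ref

if __name__ == "__main__":
    pool = Pool(dei=10_000_000, usdc=10_000_000)      # constructed reserves
    snap = (pool.cumulative, pool.last_ts)            # observation stored at t=0
    pool.swap_usdc_in(90_000_000, now=1800)           # one large trade at t=1800
    print("spot valuation:", naive_value(pool, 100_000))
    try:
        guarded_value(pool, snap, 100_000, now=1800)
    except PriceDeviation as e:
        print("guard rejected:", e)
```

A time-weighted average raises the cost of moving the reported price from one transaction to capital held in the pool across the whole window; it does not remove the dependence on pool liquidity.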

Sources & on-chain evidence

  1. halborn.com: https://www.halborn.com/blog/post/explained-the-deus-dao-hack-april-2022
  2. cryptobriefing.com: https://cryptobriefing.com/defi-hacker-steals-13-4m-deus-finance-attack/
  3. rekt.news: https://rekt.news/deus-dao-r3kt-two/
