FTM at Yearly Low after Deus Finance Suffers $3M Hack

Within a week, two Fantom-based protocols were breached—Deus Finance and Fantasm Finance, with crypto worth millions of dollars siphoned away by hackers. Did Andre Cronje’s departure foreshadow this string of embarrassing code exploits?

Deus Finance Exploited for $3 Million

Just as phishing is the most common online fraud, flash loan attacks are the most common code exploits in the world of blockchain. Specifically, those DeFi smart contract platforms that offer lending and borrowing services. The latest victim is Deus Finance belonging to the Fantom ecosystem, having been exploited for $3 million.

Deus Finance (DEUS) getting hit so badly is made worse by the fact it is not just a lending protocol like Aave. Instead, DEUS serves as an infrastructure for building financial instruments, such as options, futures, and synthetic stock trading.

As such, Deus Finance is available on seven blockchain networks, but primarily on Fantom. Regarding the specifics of the flash loan attack, it follows the usual pattern.

Fantom Flash Loan Attacks Explained

In traditional finance, banks require collateral for issuing loans. A mortgage is one of the most common ones in which a home is put forward as the loan’s backing. Therefore, if the borrower were to fail to repay the loan, the bank would seize the collateral. In the blockchain world, flash loans don’t have collateral, so the borrower cannot default on a loan.

This is made possible by blockchain’s transaction finality. In the case of Fantom, as per official definition by the Fantom Foundation, it has absolute finality:

Fantom offers absolute finality, which means that transactions can never be reverted like in networks with probabilistic finality.

Case in point, the user can borrow a number of tokens, use them in a smart contract and repay them by the end of the transaction. The collateral is unnecessary because if there is no repayment, the blockchain’s smart contract doesn’t complete its final state.

In other words, the flash loan is either guaranteed to be paid by the user or fails to execute. Typically, crypto traders use flash loans to take advantage of a token’s price differential, by buying tokens at a lower rate than when sold. This leads to both loan repayment and a nice profit.

The problem is, a vulnerable smart contract allows for this token-pair price differential to be artificially created. That is to say, an exploiter can use loaned tokens to flood the smart contract with either side of the trading equation. Simply put, they create slippage in which the resulting price between tokens is so high that it drains the contract from its liquidity.

In the case of the most recent Deus Finance flash loan attack, that drainage resulted in a $3 million loss.

Fantasm, Another Fantom-Based Protocol Lost $2.6 Million 5 Days Ago

Remarkably, in less than a week’s time from today’s hack, Fantasm Finance suffered a huge loss as well. Freshly launched this month, Fantasm operates on Fantom Opera, a permissionless (public) blockchain developed by the Fantom Foundation. On March 9th, Fantasm Finance reported an exploit worth $2.6 million in XFTM.

Fantom Finance is deep in the DeFi weeds. It launched as a platform to create synthetic tokens for the Fantom ecosystem. The wording “synthetic token” may seem redundant, but it makes sense. For example, Wrapped Bitcoin (WBTC) is a 1:1 representation of Bitcoin on the Ethereum blockchain as an ERC-20 token. Just so, Tether (USDT) is a 1:1 stablecoin representation of the dollar.

As you see, synthetic tokens are useful in making available other currencies on other platforms. Fantom Finance is there to provide such synthetic tokens specifically for the Fantom ecosystem. Therefore, XFTM is pegged to FTM, partially backed by the Fantasm (FSM) token. This is similar to how Terra (UST) stablecoin is algorithmically collateralized by the blockchain’s native Terra (LUNA) token.

Here comes the smart contract exploit potentiality. Hackers exploited a sloppy Fantasm smart contract in charge of minting XFTM by using FSM tokens instead of using both FSM and FTM as collaterals. You can follow the exact code line breakdown here.

After extracting liquidity, exploiter(s) then took the newly minted XFTM to the privacy-focused token-swap platform Tornado Cash to swap for ETH. With that said, the Fantasm Finance developer issued a tweet soon after, indicating that some of the drain was “whitehacked”, i.e. returned by the hackers.

“Whitehacked” is a term often used in experimental DeFi protocols to describe users who attack the protocol for the purpose of spotlighting smart contract vulnerability instead of thieving. This happened last August when Mr. White Hat committed an impressive $600 million DeFi vulnerability spotlighting.

Nonetheless, this bodes ill for the coding competence of the Fantasm Finance team. Speaking of Fantom-based protocols, this burst of smart contract exploits was not so unpredictable as one may think.

Join our Telegram group and never miss a breaking digital asset story.

Fantom Protocol Suffering Heavy Losses After Leadership Departure

This year is poised to be a particularly bad one for Fantom (FTM) investors. Last week, two of FTM founders, Andre Cronje as senior technical adviser and Antone Nell as a senior solutions architect, called it quits. Within a day of the news breaking out, FTM dropped by over 30%. Year-to-date (YTD), the Fantom project lost 57% of its value.

In that news item, we reported that it is commonly known that Andre Cronje warned investors to be careful when engaging DeFi projects. Not because they rely on a few key people, although that too is a liability, but because of code vulnerabilities.

“Cronje had in fact launched DeFi projects a few times with the warning that they were not yet finished. Despite this, people put a lot of money into them that was then stolen when vulnerabilities were exploited by hackers.”

That turned out to be true sooner than expected. With the Fantasm exploited for $2.6 million so soon after their exit, the compounding negative effect on the Fantom ecosystem is likely to continue to exert itself on the FTM price.

With that said, if we compare FTM’s price exactly a year ago, on March 15th, 2021, it was at $0.3681. At press time, FTM is at $1.18, representing a 220% increase. This gives Fantom investors plenty of leeways to consolidate.

Did you knowingly invest in DeFi projects that are known to be more on the experimental and riskier side of things? Let us know in the comments below.