Inverse Finance, large digital bank, is under attack; over $1.25 million in liquidity might be stolen
However, another protocol in the DeFi segment, Inverse Finance, has been attacked for the second time in less than three months. PeckShield analysts have shared details of attack vectors and tracking stolen funds.
Inverse Finance DeFi drained, here’s what’s special about this hack
According to a statement shared by the leading cybersecurity team PeckShield, Inverse Finance, an open-source protocol for lending/borrowing crypto assets, was hacked today, June 16, 2022.
2/ To illustrate, we use the above tx https://t.co/OaCemQfWug and show the key steps below: pic.twitter.com/lTzhSyo1By
— PeckShield Inc. (@peckshield) June 16, 2022
To initiate the attack, the hackers used manipulation by price operators. Oracles calculate LP asset prices using data on the number of assets in this or that liquidity pool. To perform this manipulation, the attackers leveraged Aave’s express loan (AAVE) in Curve Finance (CRV) and borrowed Inverse Finance’s asset, DOLA, at extremely low rates. The DOLA is then converted to USDT to repay the initial loan.
As a result, the hacker transferred 1,000 Ethers to the Tornado Cash transaction tampering service. Also, 68 ETH is in the attacker’s account. The Inverse Finance team confirmed that the protocol was hacked; all lending/borrowing activities are halted while an internal investigation is underway.
Additionally, PeckShield revealed that the hack could have been performed by a bot running before the “original attack”. However, DeFi veteran Banteg, a contributor to Yearn.Finance, emphasized that the bot will never withdraw so quickly.
The attack on Inverse Finance in April resulted in the loss of $15.6 million as the price of the INV token is at high risk of inflation.
Read more:
- An Exploit In Market Maker’s Smart Contract Led To The Loss Of 20 Million Optimism (OP) Tokens
- Crypto Lending Platform Celsius Would Be Pausing Withdrawals, Swaps, And Transfers Due To “Extreme Market Conditions”