Inverse Finance Loses $1.2 Million in a Flashloan Attack

17.06.2022 09:11
by Gabriel Cross
2 min read

Attackers have hit Inverse Finance, a DeFi protocol based on Ethereum, for $1.26 million in Wrapped Bitcoin (WBTC) and Tether (USDT). The attack happened just two months after Inverse Finance lost $15.6 million in a similar attack of the price oracle manipulation exploit type.

More specifically, a flashloan attack happened this time. Flashloan is a kind of crypto loan that is, usually, both borrowed and returned in a single investment. The attackers used it in order to manipulate the price oracle for the LP (liquidity provider) token. Thanks to this exploit, they were able to borrow a higher amount of the protocol’s stablecoin DOLA than what they’ve put as collateral. The attackers then cashed in the difference.

The total amount of stolen funds is 99,976 USDT and 53.2 WBTC. The funds were swapped to ETH and then sent through the cryptocurrency mixer Tornado Cash, in an attempt to obfuscate the stolen gains.

Inverse Finance has temporarily removed DOLA from the market and paused borrowing. However, no user funds are at risk. Namely, only the attackers’ collateral was affected. Inverse Finance incurred a debt to itself, but only because of the stolen DOLA. The company promises a “generous bounty” to the attacker, should he return the funds.

Author

  • Gabriel Cross used to be a bank officer for an international bank for many years. From this point of view, he says the time spent obtaining a degree in economics was a waste of time. A few years back, he decided to quit his job and start trading. He is obsessed with decentralized finance, but he often plays with the stock market, investing with great pleasure into ground-breaking tech solution startups.

Trending news

Subscribe and be in touch
Click here