Attackers have hit Inverse Finance, a DeFi protocol based on Ethereum, for $1.26 million in Wrapped Bitcoin (WBTC) and Tether (USDT). The attack happened just two months after Inverse Finance lost $15.6 million in a similar attack of the price oracle manipulation exploit type.
More specifically, a flashloan attack happened this time. Flashloan is a kind of crypto loan that is, usually, both borrowed and returned in a single investment. The attackers used it in order to manipulate the price oracle for the LP (liquidity provider) token. Thanks to this exploit, they were able to borrow a higher amount of the protocol’s stablecoin DOLA than what they’ve put as collateral. The attackers then cashed in the difference.
The total amount of stolen funds is 99,976 USDT and 53.2 WBTC. The funds were swapped to ETH and then sent through the cryptocurrency mixer Tornado Cash, in an attempt to obfuscate the stolen gains.
Inverse Finance has temporarily removed DOLA from the market and paused borrowing. However, no user funds are at risk. Namely, only the attackers’ collateral was affected. Inverse Finance incurred a debt to itself, but only because of the stolen DOLA. The company promises a “generous bounty” to the attacker, should he return the funds.
Crypto Ping Pong Digest
Trash style news. You will definitely like