Just two months after losing $15.6 million in an oracle price manipulation exploit, Inverse Finance was hit again by a flash loan exploit that saw attackers make off with $1.26 million worth of Tether (USDT) and Wrapped Bitcoin (wBTC).
Inverse Finance is a decentralized finance (DeFi) protocol based on Ethereum and a flash loan is a type of crypto loan that is usually borrowed and paid back in a single transaction. Oracles report external price information.
The latest exploit worked by using a flash loan to manipulate the price oracle for a liquidity provider (LP) token used by the protocol’s money market application. This allowed the attacker to borrow a larger amount of the protocol’s stablecoin, Dola (DOLA), than the amount of collateral they sent, allowing them to pocket the difference.
The attack comes just over two months after a similar April 2 attack, in which the attackers artificially manipulated the prices of collateralized tokens via a price oracle to drain funds using the inflated prices.
In response to the attack, Inverse Finance temporarily halted lending and removed DOLA from the money market while it investigated the incident, saying user funds were not at risk.
Inverse has temporarily paused lending following an incident this morning in which DOLA was removed from our money market, Frontier. We are investigating the incident, however user funds were not taken or at risk. We are investigating and will provide more details soon.
— Inverse+ (@InverseFinance) June 16, 2022
The protocol later confirmed that only the collateral posted by the attacker was affected in the incident and that it had only incurred a debt to itself as a result of the stolen DOLA. It encouraged the attacker to return the funds in exchange for a “generous reward.”
In total, the attackers made 99,976 USDT and 53.2 wBTC from the attack, exchanging it into ETH before sending it all through cryptocurrency mixer Tornado Cash, attempting to obfuscate the ill-gotten gains.
In the previous attack in April, attackers made off with $15.6 million worth of Ether (ETH), wBTC, Yearn.Finance (YFI), and DOLA.
DeFi marketplace Deus Finance suffered a similar exploit in March, when attackers manipulated a price match within an oracle, generating a profit of 200,000 Dai (DAI) and 1,101.8 ETH, worth more than $3 million at that time.
Beanstalk Farms, a credit-based stablecoin protocol, lost all $182 million in collateral in a flash loan attack carried out through two malicious governance proposals, which in the end depleted all of the protocol’s funds.
How the last attack happened
According to an analysis by blockchain security firm BlockSec, the attacker borrowed 27,000 wBTC in a flash loan, exchanging a small amount for the LP token that users post as collateral on Inverse Finance in order to borrow crypto assets.
The remaining wBTC was swapped into USDT, causing the price of the attacker’s collateralized LP token to rise significantly in the eyes of the price oracle. Since these LP tokens now appeared to be worth much more due to the price increase, the attacker borrowed a larger than usual amount of the DOLA stablecoin.
The borrowed DOLA was worth much more than the collateral deposited, so the attacker swapped DOLA to USDT, and the previous swap from wBTC to USDT was reversed to pay off the original flash loan.
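The valuation weakness described above can be reproduced in a small model. This is an added example, not code from the article, BlockSec, or Inverse Finance: it assumes a two-asset constant-product pool without fees, and all reserves, prices, and function names are constructed for illustration. It compares an LP price computed from current pool balances with one computed from the pool invariant, and shows a deviation guard a lending market could apply before accepting LP collateral.

```python
from math import sqrt

class Pool:
    """Two-asset constant-product pool (x * y = k), fees ignored (assumption)."""
    def __init__(self, wbtc, usdt, lp_supply):
        self.wbtc, self.usdt, self.lp_supply = wbtc, usdt, lp_supply

    def swap_wbtc_for_usdt(self, wbtc_in):
        k = self.wbtc * self.usdt
        self.wbtc += wbtc_in
        usdt_out = self.usdt - k / self.wbtc
        self.usdt -= usdt_out
        return usdt_out

def naive_lp_price(pool, btc_usd):
    # Current balances valued at external prices: any swap changes the result.
    return (pool.wbtc * btc_usd + pool.usdt) / pool.lp_supply

def fair_lp_price(pool, btc_usd, usdt_usd=1.0):
    # Balances the pool would hold at the external prices, derived from k:
    # 2 * sqrt(k * p_wbtc * p_usdt) / supply. Swaps leave k unchanged.
    k = pool.wbtc * pool.usdt
    return 2 * sqrt(k * btc_usd * usdt_usd) / pool.lp_supply

def looks_manipulated(pool, btc_usd, tolerance=0.02):
    # Lending-side guard: refuse to value collateral while the pool is skewed.
    fair = fair_lp_price(pool, btc_usd)
    return abs(naive_lp_price(pool, btc_usd) - fair) / fair > tolerance

def snapshot(pool, btc_usd):
    return (naive_lp_price(pool, btc_usd), fair_lp_price(pool, btc_usd),
            looks_manipulated(pool, btc_usd))

def demo():
    btc_usd = 20_000.0  # constructed external price
    pool = Pool(wbtc=1_000.0, usdt=20_000_000.0, lp_supply=100_000.0)  # constructed
    before = snapshot(pool, btc_usd)
    pool.swap_wbtc_for_usdt(26_000.0)  # large one-sided swap within one transaction
    after = snapshot(pool, btc_usd)
    return before, after

if __name__ == "__main__":
    for label, row in zip(("before", "after"), demo()):
        print(label, "naive=%.2f fair=%.2f flagged=%s" % row)
```

In this model the balance-based price rises from 400 to about 5,407 per LP token after the swap, while the invariant-based price stays at 400 and the guard flags the pool.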
This post, “Inverse Finance exploited again for $1.2 million in flash loan oracle attack,” was published first on https://cointelegraph.com/news/inverse-finance-exploited-again-for-1-2m-in-flashloan-oracle-attack