Another day, another DeFi hack, as this popular Ethereum-based lending protocol had a multi-million dollar exploit. Inverse Finance, a loan-focused decentralized financing protocol, lost more than a $15 million loss.
Sad day for DeFi
Another prominent decentralized financial protocol has fallen victim to a crippling security breach. Inverse Finance, a stablecoin protocol that focuses on capital-efficient revenue generation, got drained in an exploit on April 2. It led to a loss of $15.6 million in digital assets.
PeckShield, a blockchain analytics company, first marked this situation.
Hi, @InverseFinanceyou might want to take a look: https://t.co/KHHWAozWj1
— PeckShield Inc. (@peckshield) Apr 2, 2022
The team acknowledged the situation in a tweet on Saturday morning, to post“We are currently addressing the situation, waiting for an official announcement.” Similarly posted on the Discord server for InverseDAO, the governance structure for the protocol.
This is what happened
PeckShield explained in a series of tweets that the hacker deposited 901 Ethereum in the protocol and used an oracle manipulation bug to manipulate the price of Inverse’s INV token. They then used INV as collateral to borrow assets and dispose of the protocol.
the hacker drained millions of dollars in YFI, WBTC and Inverse’s proprietary DOLA token of the protocol. Later, decentralized exchanges like Uniswap used to trade the assets for Ethereum. Finally, the Ethereum wallet connected the hacker transferred 4,200 Ethereum worth about $14.6 million through Tornado Cash’s transaction mixer to cover their tracks.
4) The initial funds to launch the hack will be withdrawn from @TornadoCash and most result profits are deposited into @TornadoCash† Currently, 73.5 ETH still remains in the hacker’s account. We actively monitor this address for any movement. pic.twitter.com/ghkNphyfXh
— PeckShield Inc. (@peckshield) Apr 2, 2022
Further blockchain data indicated that: some of the ETH holdings operated were sent to Tornado Cash, a popular transaction mixer on the Ethereum network.
In the latest update on April 4, the team addressed users with the following:
“Update on our work to address yesterday’s price manipulation incident: We are modeling multiple ways to return money to those affected, including working with Inverse partners.”
Additionally, to inject some post-exploit certainty, the team’s twitter account claimed†
2. DOLA – the anti-fragile stablecoin – continues to maintain its USD peg with the help of the DOLA Fed. No governance token gimmicks and no fiat injections required…
— Inverse+ (@InverseFinance) Apr 3, 2022
The Inverse team has paused future lending on its Anchor platform. Later submitted a board proposal to compensate affected users. Needless to say, the native token is directly affected by this unfortunate event.
INV has plummeted in the hours since the hack. It is down 17.1% on the day and is trading at around $314. At the time of writing, the token suffered another 7% setback when it traded around $318. When we look at the bigger picture, three massive exploits in a week are no joke and cause for concern.
This post Third in a week: Yet another ETH-based DeFi protocol suffers a $15.6 million exploit
was published first on https://ambcrypto.com/third-in-a-week-yet-another-eth-based-defi-protocol-suffers-a-15-6-million-exploit/
