The string of DeFi hacks continued to ensue in the crypto market, with the latest victim being Inverse Finance. It suffered a fresh exploit on 16 June worth $1.2 million. It is the latest attack on the protocol after April’s $15.6 million exploits. The PeckShield team released the post-mortem soon after the incident but investors remain on alert.
An attacker was able to get away with $1.2 million by exploiting a flash loan on Inverse Finance. The attack was made possible by the price oracle manipulation. As per the Inverse summary, the price of the LP token was manipulated much higher to execute the attack.
Per PeckShield, the attack was started with an initial fund of 1 ETH which is withdrawn from Tornado Cash. Currently, 68 ETHs in illicit gains are resting in the hacker’s account. Another 1000 ETHs were deposited to Tornado Cash afterward.
Source: PeckShield
As per Inverse, this is how the attack came about,
The affected market—yvcrv3crypto—utilized Chainlink price data instead of the internal exchange rate of the Curve protocol, which allowed the attacker to flash-borrow 27,000 in wBTC and trade it into the tri-crypto pool, which caused the price of the yvcrv3crypto LP token to jump in value, in the eyes of the oracle and created an opportunity to borrow DOLA against that collateral in Frontier.”
The Inverse team released information that DOLA remained resilient against the attack. Moreover, the amount of DOLA liquidity deployed across DOLA Fed contracts also functioned effectively.
<p lang=«en» dir=«ltr» xml:lang=«en»>Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at Read more on ambcrypto.com