Another open-source lending technology is the latest target of the hacking community. On Saturday, Inverse Finance, an Ethereum-based lending platform, said that it had been hacked. According to allegations in the media, cryptocurrency worth $15.6 million in total was stolen.
About the hack
Using a flaw in the Keep3r pricing oracle, the Inverse attacker fooled the oracle into believing that the value of the Inverse INV token had surged, according to blockchain security company PeckShield.
Tornado Cash, which is often used to disburse crypto without leaving a trace, was apparently breached and 901 ETH, or around $3 million, was stolen.
Once the attacker had done that, according to reports, the mysterious funds were pumped into a number of trading pairs on the SushiSwap DeFi exchange, driving up the INV price in the eyes of the Keep3r oracle.
When the price had risen enough, the attacker pulled out the loans before arbitrageurs could lower them.
After manipulating token values to push them down, the hacker attacked the Anchor (ANC) money market and obtained loans with little collateral, reports said.
As of this writing, 73.5 ETH (approximately $250,000) remains in the attacker’s initial Ethereum wallet, which means it’s impossible to predict where this $250,000 will end up.
Inverse’s take on the issue
This morning Inverse Finance's money market, Anchor, was subject to a capital-intensive manipulation of the INV/ETH price oracle on Sushiswap, resulting in a sharp rise in the price of INV which subsequently enabled the attacker to borrow $15.6 million in DOLA, ETH, WBTC, & YFI
— Inverse+ (@InverseFinance) April 2, 2022
According to Inverse’s statement, all borrowing on Anchor has been put on hold for the time being.
According to a statement from Inverse, its decentralized autonomous organization (DAO) would guarantee that all wallets that were harmed by the price manipulation are reimbursed 100%, but no additional information was given.
This is the third hack of the week
This week has seen a number of attacks against DeFi protocols, demonstrating the sophistication of the strategies used by attackers.
Ronin Network recently announced a loss of $625 million in crypto. Ola Finance then revealed that $3.6 million had been stolen from it.
***