Inverse Finance (INV), an Ethereum-based lending system, announced on Saturday that it had been hacked and that an attacker had made off with $15.6 million in cryptocurrencies.

According to Inverse, the attacker went after the Anchor money market, intentionally distorting token prices to borrow money with very little collateral.

This is the third multimillion-dollar hack of decentralized finance (DeFi) technology to hit the news this week, highlighting attackers’ increasingly sophisticated tactics. On Tuesday, the gaming-focused Ronin Network declared a crypto loss of almost $625 million. Ola Finance, a lending protocol, announced two days later that it had been hacked for $3.6 million.

The Inverse attacker took use of a vulnerability in a Keep3r pricing oracle that Inverse employs to track token prices, according to blockchain security firm PeckShield. The attacker deceived the oracle into believing that the cost of Inverse’s INV token was extraordinarily high and then used the inflated INV as collateral for multimillion-dollar loans on Anchor.

Also, read – Which is the best blockchain for creating a DAO?

The hack was well-funded; to carry it off, the attacker first withdrew 901 ETH (about $3 million) from Tornado Cash, a cryptocurrency that allows users to send money without leaving a trail. The mysterious funds were subsequently pumped into multiple trading pairings on the decentralized exchange SushiSwap, increasing the price of INV in the view of the Keep3r price oracle.

The attacker then took out INV-backed loans on Anchor once the price of INV had risen sufficiently before arbitrageurs reduced the cost of INV back down to normal levels. According to a PeckShield official, the attack was high-risk because the $3 million worth of crypto used to deceive the pricing oracle would have been completely lost if the price of INV had returned to normal levels before the attacker took out the loans.

The attacker made off with 1,588 ETH, 94 WBTC, 39 YFI, and 3,999,669 DOLA. Most of the funds have been cycled back through Tornado Cash, making it difficult to predict where they will wind up, although 73.5 ETH (about $250,000) remains in the attacker’s initial Ethereum wallet.

Inverse said that all borrowing on Anchor had been temporarily halted. A spokesman for the protocol told CoinDesk that it is working with Chainlink to develop a new INV oracle. The Inverse also stated that it intends to propose its decentralized autonomous organization (DAO) to “guarantee that all wallets affected by the price manipulation are compensated 100 percent,” though it did not elaborate.

Stay informed with daily updates from Blockchain Magazine on Google News. Click here to follow us and mark as favorite: [Blockchain Magazine on Google News].

Disclaimer: Any post shared by a third-party agency are sponsored and Blockchain Magazine has no views on any such posts. The views and opinions expressed in this post are those of the clients and do not necessarily reflect the official policy or position of Blockchain Magazine. The information provided in this post is for informational purposes only and should not be considered as financial, investment, or professional advice. Blockchain Magazine does not endorse or promote any specific products, services, or companies mentioned in this posts. Readers are encouraged to conduct their own research and consult with a qualified professional before making any financial decisions.

About the Author: Diana Ambolis

Avatar of Diana Ambolis

you might also like