Multimillion-dollar hacks have become the standard news within the crypto space, and a new victim has joined the list.
Popular Ethereum-based lending protocol Inverse Finance announced that it suffered an exploit on Saturday, leading to the loss of $15.6 million worth of digital assets.
How the exploit happened
The DeFi protocol announced the development on Twitter, stating that the attacker exploited its Anchor money market and manipulated the token prices, so they could borrow loans against very low collateral.
Blockchain security firm Peckshield analyzed the attack and reported that the hacker exploited a vulnerability in the Keep3r price oracle used by Inverse for tracking token prices.
The attacker was able to inflate the price of the Inverse token INV and used this inflated token to take out a multimillion-dollar loan.
It also noted the incredible efforts that went into the attack and the amount the hacker spent. The hacker withdrew 901 ETH through Tornado Cash and sent the funds into several trading pair pools on SushiSwap.
This enabled the attacker to deceive Keep3r oracle and inflate the INV price enough to use it as collateral for the loan.
The hacker stole 3,999,669 DOLA, 1,588 ETH, 94 WBTC, and 39 YFI. Almost all the stolen assets have been funneled into Tornado Cash. But the hacker’s wallet still holds 73.5 ETH.
PeckShield noted that the Inverse attack was a well-planned but high risk. The hacker could have lost all their 901 ETH if the price of INV fell back to normal levels before they executed the attack. For many in the crypto community, this shows just how sophisticated bad actors are in gaming the system.
So far, Inverse has suspended Anchor borrowing. The lending protocol also stated that it’d propose to its DAO to refund every wallet affected by the hack.
Three DeFi Exploits in one Week
With this attack, the number of popular DeFi hacks this week alone has reached three. On March 29, the Ronin network, which supports Axie Infinity, announced that it had lost $625 million to hackers through an exploit of its bridge. Lending protocol, Ola Finance also reported on March 31 that it was exploited for $3.6 million.
The nature of all of the aforementioned attacks would help to rehash the skepticism and thoughts of regulators who believe that crypto investments would only lead to the loss of investors’ funds and nothing else.
But the response of each team offers some respite, as they all appear bent on helping their users get their stolen funds back.
What do you think about this subject? Write to us and tell us!
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.