Barely two months after squandering $15.6 million in a value Oracle tampering hack, Inverse Finance was hit with another flashloan breach. This time, it leads to the disappearance of $1.26 million in Tether as well as Wrapped Bitcoin.
Inverse Finance is a DeFi system that Ethereum develops. Thus, a flashloan is a sort of cryptocurrency credit that they often acquire and return in a single trade outside Price Data that Oracle provides.
The most recent vulnerability utilizes a flashloan to alter the pricing oracle for a Liquidity Provider token. This is what the system’s money market service uses. Moreover, it will let the perpetrator loan more of the protocol’s stablecoin DOLA than what they possess in collateral, allowing them to collect the excess.
Hackers Modify the Prices of Collateralized Tokens
The assault occurs just over two months after a comparable April 2 hack. This is when criminals intentionally manipulate collateralized coin values via price oracle in order. Their purpose is to drain cash by utilizing extortionate prices.
In reaction to the assault, Inverse Finance freezes borrowing and pulls out its DOLA stablecoin from the financial markets while examining the situation. They are claiming that no customer funds were in danger.
After an event this morning in which they remove DOLA from the money market, Frontier temporarily stops borrowing. They are looking into the situation, and no one was in danger. They eventually discover that the incident solely damages the attacker’s collateral.
Furthermore, as a result of the stolen DOLA, they are charging themselves. It urges the assailant to return the money in exchange for a generous reward. The attacker obtains 99,976 USDT and 53.2 WBTC from the hack. This is what they convert to ETH before passing it via the crypto aggregator Tornado Cash in an effort to disguise the ill-gotten profits.
The last incident in April culminates in the theft of $15.6 million in ETH, WBTC, YFI, as well as DOLA.
In March, the DeFi exchange Deus Finance becomes a victim of a similar hack. The hackers are altering a price matching within an oracle. This culminates in a profit of 200,000 Dai and 1101.8 ETH, worth more than $3 million in total.
How the Most Recent Assault Occur
In a flash loan assault, Beanstalk Farms, a lending stablecoin platform, lost all $182 million in collateral. This it is due to the two fraudulent governance proposals that eventually suck all money from the system.
The perpetrator acquires 27,000 WBTC in a flashloan, switching a minor amount to the LP coin that they use to deposit security in Inverse Finance for users could loan digital currencies.
They then convert the other WBTC to USDT. This leads the assailant’s LP token’s price to skyrocket in the perspective of the pricing oracle.