Another hacker targets Inverse Finance, stealing $1.3 million and causing a $5.8 million protocol breach.
On June 16, a hacker used oracle price manipulation flaws to steal roughly $1.3 million from Inverse Finance, resulting in a $5.8 million loss for the protocol. In a series of tweets, PeckShield, a blockchain security business, revealed the circumstances behind the incident. The DeFi protocol has been targeted for the second time in less than two months. In April, hackers broke into Inverse Finance, causing a $15.6 million loss. Following the attack, the website of Inverse Finance published a thorough report on the incident. According to the investigation, the attack took place on the yvcrv3crypto market, which used Chainlink price data instead of the Curve protocol’s internal exchange rate.
According to Inverse Finance, the price difference allowed the hacker to take out a 27,000 Wrapped Bitcoin (BTC) flash loan, which is a customized version of Bitcoin that is the same price as Bitcoin but can be utilized on the Ethereum (ETH) network. The hacker then swapped the BTC into the try crypto pool, causing a spike in the price of the yvcrv3crypto LP token on the price oracle and allowing the hacker to borrow DOLA — Inverse FInance’s stablecoin — on Inverse FInance’s Frontier platform against that collateral. 68 ETH from the stolen amount is still with the hacker, according to PeckShield, who used Etherscan data in a tweet, and 1,000 ETH has been put to Tornado Cash, a cryptocurrency mixer that combines multiple streams of potentially identifying coin to maximize anonymity.
Inverse Finance outlined a number of security steps, including intentions to recover the cash and enhance the DeFi platform’s security. This featured an open letter to the hacker pleading with him to return the funds in exchange for a “generous bounty.” Furthermore, the DAO pledged to make the data of the assault public to anyone wishing to assist in the recovery of the cash in exchange for a payment. Finally, Inverse FInance has halted borrowing on all assets on the Frontier platform but plans to restart borrowing on assets with Chainlink-only feeds and INV in the near future.