Now Loading



Just two months after losing $ 15.6 million in oracle price exploits, Inverse Finance was hit by a flash loan that saw attackers exit $ 1.26 million in Tether (USDT) and Wrapped Bitcoin (wBTC).

Inverse Finance is an Ethereum-based decentralized finance (DeFi) protocol and flash loan is a type of crypto loan that is usually borrowed and repaid within a single purchase. Oracle reports foreign price information.

Recent exploits have been exploited by borrowing money to exploit the money provider’s (TP) price tag used by the contract money market app. This allowed the attacker to borrow a larger amount of the stablecoin protocol, Dollar (DOLA), rather than the security amount he sent, which allowed them to pocket the difference.

The attack comes just two months after the same exploitation on April 2, when the attackers deliberately tampered with the price of token collections using the price oracle to withdraw money at inflation.

Responding to the attack, Inverse Finance temporarily suspended lending and withdrew DOLA from the money market while investigating the incident, saying no consumer funds were at risk.

He later confirmed that only the collateral imposed on the attacker was involved in the incident and that he had obtained a loan for stolen dollars. He encouraged the attacker to return the money to get "more money."

In total, the attackers received 99,976 USDT and 53.2 wBTC from the attack, converted them to ETH before shipping it all with the cryptocurrency mixer Tornado Cash, trying to hide the gains gained incorrectly.

The previous attack in April saw the attackers exit $ 15.6 million Ether (ETH), wBTC, Yearn.Finance (YFI) and DOLL.

DeFi market area Deus Finance suffered a similar exploitation in March, with attackers tricking price-sharing within the oracle resulting in profits of 200,000 Dai (DAI) and 1101.8 ETH, worth more than $ 3 million at the time.

Beanstalk Farms, a protocol-based stablecoin protocol, lost a total of $ 182 million in attacks on loans caused by two malicious management proposals that, in the end, took all the money out of the protocol.

How the recent attack went down

Blockchain security company BlockSec analyzed that the attacker borrowed 27,000 wBTC on a flash loan, converting a small amount of LP token used to send collateral to Inverse Finance so users could borrow crypto assets.

The remaining wBTC has been converted to USDT, making the price of the attacker's combined LP token token very high in the oracle price range. With the value of these LP tokens now becoming more expensive due to rising prices, the attacker borrowed a larger amount than the stable stablecoin DOLL.

The DOLLAR was more expensive than the deposit, so the attacker switched to the DOLLAR to the USDT, and the previous exchange of wBTC to USDT was postponed to repay the initial loan.
source: cointelegraphy

How do you feel about this blog?


Leave a Reply