Inverse Finance, a decentralized autonomous organization (DAO) has suffered a flash loan assault, where hackers stole $1.26 million in Tether (USDT) and Wrapped Bitcoin (WBTC). This comes just two months after the Defi exchange witnessed an exploit where the hackers siphoned $15.6 million in a price oracle manipulation exploit.
"Inverse Finance’s Frontier money market was subject to an oracle price manipulation incident that resulted in a net loss of $5.83 million in DOLA with the attacker earning a total of $1.2 million," the organization said.
Inverse Finance is an Ethereum-based decentralized finance (DeFi) protocol that facilitates the borrowing and lending of cryptos.
The latest exploit worked by employing a flash loan attack where hackers take a flash loan from a Defi platform. Subsequently, they pay it back in the same transaction, causing the price of the crypto asset to surge and then quickly withdraw their investments.
Upon discovering the attack, the defi protocol temporarily paused borrowing and took down DOLA stablecoin from the money market saying that it is investigating the incident, while no user funds were at risk.
It later confirmed that only the hacker’s deposited collateral was impacted in the incident. In a tweet, the company requested the attackers to return the funds in return for a “generous bounty”.
The hacker in total secured 99,976 USDT and 53.2 WBTC from the attacks. As soon as the hack was successful, the attackers routed the funds via Tornado Cash, a cryptocurrency mixing or tumbling protocol designed to obscure where funds came from. Coincidentally, the service is popular for money laundering.
It should be noted that the significant rise in Defi which facilitates crypto-denominated lending outside traditional banking, has been a major factor in the increase in stolen funds and frauds. Threat actors have targeted DeFis the most, in yet another warning for those dabbling in this emerging segment of the crypto industry.
“DeFi is one of the most exciting areas of the wider cryptocurrency ecosystem, presenting huge opportunities to entrepreneurs and cryptocurrency users alike,” as per a report by Chainalysis.
Last year, more stolen funds flowed to DeFi platforms (51 percent) and centralized exchanges received less than 15 percent of the total stolen funds, Chainalysis wrote in its annual Crypto Crime report. “This is likely due to exchanges’ embrace of AML and KYC processes, which threaten the anonymity of cybercriminals,” the report added.
