Inverse Finance Flash Loan Re-exploited for $1.2M in Oracle Attack

  • June 17, 2022

No user funds were affected by the exploit, but Inverse Finance incurred a debt and offered the attacker a reward to return the stolen funds.

Just two months after losing $15.6 million in a price oracle manipulation exploit, Inverse Finance has once again fallen victim to a flash loan exploit, in which attackers made off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (WBTC).

Inverse Finance is an Ethereum-based decentralized finance (DeFi) protocol, and a flash loan is a type of crypto loan that is typically borrowed and repaid in a single transaction. Oracles report outside pricing information.

The latest exploit used a flash loan to manipulate the price oracle for the liquidity provider (LP) token used by the protocol’s money market application. This allowed the attacker to borrow a larger amount of the protocol’s stablecoin, DOLA, than the value of the collateral they had posted, and to pocket the difference.

The attack came just two months after a similar exploit on April 2, in which attackers artificially manipulated collateral token prices through a price oracle and used the inflated prices to drain funds.

In response to the attack, Inverse Finance temporarily paused borrowing and removed its DOLA stablecoin from the money market while it investigated the incident, saying no user funds were at risk.

It later confirmed that only the attacker’s collateral was affected by the incident and that the protocol incurred a debt only to itself as a result of the stolen DOLA. It encouraged the attacker to return the funds in exchange for “generous favors”.

In total, the attackers gained 99,976 USDT and 53.2 WBTC from the attack, swapping them for ETH before sending it all through the cryptocurrency mixer Tornado Cash in an attempt to obfuscate the ill-gotten gains.

In the earlier April attack, the attackers made off with $15.6 million in ETH, WBTC, YFI, and DOLA.

DeFi marketplace Deus Finance suffered a similar setback in March, with attackers manipulating a price pairing within an oracle leading to a gain of 200,000 Dai (DAI) and 1101.8 ETH worth over $3 million at the time.

Beanstalk Farms, a credit-based stablecoin protocol, lost all $182 million worth of collateral in a flash loan attack that eventually drained all funds from the protocol due to two malicious governance proposals.

According to an analysis by blockchain security firm BlockSec, the attacker borrowed 27,000 WBTC in a flash loan and swapped a small amount of it for the LP tokens that users post as collateral on Inverse Finance in order to borrow crypto assets.

The remaining WBTC was exchanged for USDT, which significantly increased the price of the attacker’s collateral LP tokens as seen by the oracle. With these LP tokens now valued far higher because of the price rise, the attacker borrowed a larger amount of the DOLA stablecoin than usual.

The borrowed DOLA was worth much more than the deposited collateral, so the attacker swapped the DOLA for USDT, and the earlier WBTC-to-USDT swap was reversed to repay the original flash loan.
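The sketch below shows why an LP price computed from a pool's current balances can be moved inside a single transaction, next to a valuation that a swap cannot move. It is an added example, not code from Inverse Finance or BlockSec. It assumes a simplified fee-less two-asset constant-product pool, constructed balances and prices, and a trusted external WBTC price; the pool and oracle involved in the incident may differ. The hardened function uses the commonly cited "fair LP pricing" formula, 2·sqrt(k·p0·p1)/supply.

```python
from math import sqrt

# Constructed sample values (assumptions, not figures from the incident).
WBTC_USD = 20_000.0  # trusted external price, e.g. from an independent feed
USDT_USD = 1.0


class Pool:
    """Simplified fee-less constant-product pool: wbtc * usdt = k."""

    def __init__(self, wbtc, usdt, lp_supply):
        self.wbtc, self.usdt, self.lp_supply = wbtc, usdt, lp_supply

    def swap_wbtc_for_usdt(self, wbtc_in):
        k = self.wbtc * self.usdt
        self.wbtc += wbtc_in
        usdt_out = self.usdt - k / self.wbtc
        self.usdt -= usdt_out
        return usdt_out


def naive_lp_price(pool):
    """Weak: values the pool's current balances, which one large swap skews."""
    total = pool.wbtc * WBTC_USD + pool.usdt * USDT_USD
    return total / pool.lp_supply


def fair_lp_price(pool):
    """Hardened: uses balances only through k, which a swap leaves unchanged."""
    k = pool.wbtc * pool.usdt
    return 2 * sqrt(k * WBTC_USD * USDT_USD) / pool.lp_supply


def oracle_deviation(pool):
    """Monitoring signal: relative gap between the naive and fair prices."""
    fair = fair_lp_price(pool)
    return abs(naive_lp_price(pool) - fair) / fair


def simulate(wbtc_in):
    """Price one LP token before and after a large same-transaction swap."""
    pool = Pool(wbtc=1_000.0, usdt=20_000_000.0, lp_supply=1_000.0)
    before = (naive_lp_price(pool), fair_lp_price(pool))
    pool.swap_wbtc_for_usdt(wbtc_in)
    after = (naive_lp_price(pool), fair_lp_price(pool))
    return before, after, oracle_deviation(pool)


if __name__ == "__main__":
    print(simulate(9_000.0))
```

A lending market that sizes loans from the naive price would accept the inflated collateral value, while the fair price stays flat and the deviation signal gives a condition on which to pause borrowing.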
