Inverse Finance Hacked, Around $15.6M Lost | CoinCodeCap

April 3, 2022
CoinCodeCap , Security Breaches
0

Key Takeaways:

  • Inverse Finance is currently investigating this attack, and they have lost around $15.6M in the form of 1588 ETH, 94 WBTC, 4M DOLA, and 39.3 YFI

Inverse Finance is a suite of permissionless decentralized finance tools governed by Inverse DAO, a decentralized autonomous organization running on the Ethereum blockchain. The main Inverse Finance products are Anchor and DOLA stablecoin.

Details of the Inverse Finance Hack

So around 4:52 PM IST Peckshield tweeted about this attack with the link of attacker’s transaction.

Firstly, the attacker withdrew 901 ETH from Tornado Cash. Then they transferred around 1.5 ETH to 241 clean addresses via Disperse and deployed five different smart contracts, out of which only one was real.

Inverse Finance Hacked, Around $15.6M Lost

The attacker then swapped 500 ETH to 1.7k INV so that it went through the INV-WETH pair on SushiSwap, significantly changing the price due to low liquidity, i.e., 50x.

Inverse Finance Hacked, Around $15.6M Lost

At the same time, the attacker started spamming transactions with an exploit to be the first to get into the next block and get an inflated price from SushiSwap. Attackers used multiple addresses and additional contracts to confuse generalized bots, which could front-run the attacker.

Inverse Finance Hacked, Around $15.6M Lost

This hack is made possible due to the price oracle manipulation bug so that when the INV (with highly manipulated price) is used as collateral to drain assets from InverseFinance.

Inverse Finance Hacked, Around $15.6M Lost
Inverse Finance Hacked, Around $15.6M Lost

The attacker deposited his 1.7k INV (fair price – $644k) as collateral and borrowed $15.6M.

Inverse Finance Hacked, Around $15.6M Lost

Meanwhile, Inverse Finance Team has tweeted that, we are currently addressing the situation please wait for an official announcement. As of now, i.e., 6:10 PM IST 73.5 ETH are still in the hacker’s account. As a result of this attack price of its native token is down by 15%.

Go to Source

Hey, like this? Why not share it with a buddy?

Leave a Reply

ajax-loader
X