Inverse Finance, a decentralised lending protocol built on Ethereum, has lost over US$1.2 million in the industry’s latest DeFi hack:
To make matters worse, this is the second such incident for Inverse Finance after US$15.6 million was stolen in an exploit just three months ago.
Flash Loan Attack
Flash loans are DeFi-specific crypto loans in which large amounts of capital can be borrowed with little collateral, provided the loan is paid back within the same transaction.
While typically used by traders, hackers have demonstrated success in being able to trick a protocol’s smart contract into manipulating prices and then taking over the liquidity pool’s assets.
This is a so-called “flash loan attack”, a technique utilised by the exploiter in this latest incident, confirmed by security firm PeckShield:
On-chain data reveals that the culprit flash-borrowed 27,000 wrapped bitcoin from lending protocol Aave to conduct the attack. The funds were subsequently routed through swap service Curve for various stablecoins before being used to remove DOLA, a stablecoin, from Inverse Finance pools.
In total, the exploiters managed to steal more than 53 bitcoin, worth US$1.1 million, and 10,000 tether (USDT). As a result, Inverse implemented a temporary pause on its lending:
Since the exploit, an address tagged “Inverse Finance Exploiter” has apparently been sent 900 ETH, worth around US$1 million, to Tornado Cash, a privacy mixer often used when attackers wish to conceal their funds.
‘Generous Bounty’ Offered
In a post-mortem, Inverse Finance encouraged the person(s) behind the incident to return the funds for a “generous bounty”. And to mitigate the risk of further incidents, it added that it had retained the services of security experts to not only further understand the breach, but also to prevent further such instances in the future.
Disclaimer:
The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.
Credit: Source link
