Ethereum-based DeFi protocol, Inverse Finance faces a fresh flash loan exploit to the tune of $1.26 million in USDT and Wrapped Bitcoin (wBTC). This comes on the heels of an earlier exploit in April, where it lost cryptocurrencies worth $15.6 million. The hackers were reported to have manipulated the price oracle for an LP token in the latest attack.
Inverse Finance allows flash loans to be conducted on its platform. Users can borrow and return a loan within a single transaction. The price oracle is a feature that feeds with protocols external pricing information of cryptocurrencies.
However, the attackers capitalized on an error in price feeds to pull the heist. They borrowed an amount of the protocol’s stablecoin— Dola (DOLA), larger than the collateral deposited, claiming the difference.
Read also;
Exploited Defi Project Akropolis Offers $200000 Bounty to Recover $2m Stolen Funds
Defi Protocol Harvest Finance Exploited and Drained of $24 Million by Well-Known Attacker
A Look at Major DeFi Protocols that has been Exploited in 2020
Responding to the attack, Inverse Finance claimed users’ funds were not affected and has since gone ahead to temporarily pause borrowing, including removing the DOLA stablecoin from its money market.
In addition, the protocol confirmed that it only incurred losses to itself, adding that the attackers’ deposited collateral was also affected. The attacker has been offered a bounty in return for the stolen funds.
The Inverse Finance exploit follows a series of hacks on DeFi protocols, leading to the loss of several millions of dollars. Deus Finance and Beanstalk Farms have all suffered similar exploits within the year, losing over $3 million and $182 million, respectively.
Blockchain security firm, BlockSec provided further details on the Inverse Finance attack;
“The attacker borrowed 27,000 wBTC in a flash loan, converting a small amount to the LP token used to provide collateral in Inverse Finance so users can borrow crypto assets.”
The remaining wBTC was converted to USDT, resulting in a large increase in the price of the attacker’s collateralized LP token in the eyes of the price oracle. Due to the increased value of these LP tokens following the price increase, the attacker borrowed more DOLA stablecoin than usual.
Since DOLA was worth far more than the collateral deposited, the attacker exchanged the DOLA for USDT and then reversed the earlier wBTC—USDT swap to refund the initial loan.
