Crypto Updates

Inverse Finance exploited again for $1.2M in flashloan oracle attack

Inverse Finance exploited again for $1.2M in flashloan oracle attack


Just two months after losing $15.6 million in a price oracle manipulation exploit, Inverse Finance has again been hit with a flashloan exploit that saw the attackers make off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (WBTC).

Inverse Finance is an Ethereum based decentralized finance (DeFi) protocol and a flashloan is a type of crypto loan that is usually borrowed and returned within a single transaction. Oracles report outside pricing information.

The latest exploit worked by using a flashloan to manipulate the price oracle for a liquidity provider (LP) token used by the protocol’s money market application. This allowed the attacker to borrow a larger amount of the protocol’s stablecoin DOLA than the amount of collateral they posted, letting them pocket the difference.

The attack comes just over two months after a similar April 2 exploit which saw attackers artificially manipulate collateralized token prices through a price oracle to drain funds using the inflated prices.

In response to the attack, Inverse Finance temporarily paused borrowing and removed its DOLA stablecoin from the money market while it investigated the incident, saying no user funds were at risk.

It later confirmed that only the attacker’s deposited collateral was affected in the incident and only incurred a debt to itself due to the stolen DOLA. It encouraged the attacker to return the funds in return for a “generous bounty”.

Related: Attackers loot $5M from Osmosis in LP exploit, $2M returned soon after

In total, the attacker’s gained 99,976 USDT and 53.2 WBTC from the attack, swapping them to ETH before sending it all through the cryptocurrency mixer Tornado Cash, attempting to obfuscate the ill-gotten gains.

The previous attack in April saw attackers make off with $15.6 million in ETH, WBTC, YFI and DOLA.

DeFi marketplace Deus Finance suffered from a similar exploit in March, with attackers manipulating a price pairing within an oracle leading to a gain of 200,000 Dai (DAI) and 1101.8 ETH worth over $3 million at the time.

Beanstalk Farms, a credit based stablecoin protocol lost all $182 million worth of collateral in a flash loan attack caused by two…

Click Here to Read the Full Original Article at Cointelegraph.com News…