Ethereum-based lending protocol Inverse Finance (INV) announced on twitter on April 2 that it suffered an exploit worth $15.6 million cryptocurrencies.
Inverse had temporarily paused all borrowing on Anchor, and started working with Chainlink to build a new INV oracle, coindesk.com reported.
On the same day, Inverse announced that is modeling multiple paths for returning funds to those affected including working with Inverse partners
Blockchain security firm, PeckShield explained the way attacker exploited the vulnerabilities in INV :
* The attack that was well planned and executed according to Peck Shield stole 1,588 ETH, 94 Wrapped bitcoin (WBTC), 39 Yearn, Ethereum’s token (YFI) and 3,999,669 of INV’s native token (DOLA).
* The attacker took advantage of a vulnerability in the network of Keep3r price oracle, that Inverse uses to track token prices.
* The attacker misled the oracle into believing that the price of Inverse’s INV token was extremely high, and then siphoned off multimillion-dollar loans on Anchor using the inflated INV as collateral.
* In order to achieve it, the attacker firstly withdrew 901 ETH (about $3 million) from Tornado Cash, Ethereum’s best-known coin mixing service used to disburse crypto without leaving a clear trail.
* The attacker then injected these funds into several trading pairs on the DeFi platform and popular exchange, SushiSwap, that seemed to Keep 3r price oracle like an apparent inflation of the price of INV.
* When the price of INV was high as planned, the hacker took out INV-backed loans on Anchor before the price of INV back down to normal levels by the arbitrageurs.
* PeckShield called the attack high-risk because the $3 million worth of crypto used to trick the Keep3r price oracle, would have been completely lost if the price of INV had come to actual levels before the attacker took out the loans.
* The attacker has left only 73.5 ETH or crypto worth $2,50,000 in the attacker’s original Ethereum wallet.
(For the latest crypto news and investment tips, follow our Cryptocurrency page.)
Inverse had temporarily paused all borrowing on Anchor, and started working with Chainlink to build a new INV oracle, coindesk.com reported.
On the same day, Inverse announced that is modeling multiple paths for returning funds to those affected including working with Inverse partners
Blockchain security firm, PeckShield explained the way attacker exploited the vulnerabilities in INV :
* The attack that was well planned and executed according to Peck Shield stole 1,588 ETH, 94 Wrapped bitcoin (WBTC), 39 Yearn, Ethereum’s token (YFI) and 3,999,669 of INV’s native token (DOLA).
* The attacker took advantage of a vulnerability in the network of Keep3r price oracle, that Inverse uses to track token prices.
* The attacker misled the oracle into believing that the price of Inverse’s INV token was extremely high, and then siphoned off multimillion-dollar loans on Anchor using the inflated INV as collateral.
* In order to achieve it, the attacker firstly withdrew 901 ETH (about $3 million) from Tornado Cash, Ethereum’s best-known coin mixing service used to disburse crypto without leaving a clear trail.
* The attacker then injected these funds into several trading pairs on the DeFi platform and popular exchange, SushiSwap, that seemed to Keep 3r price oracle like an apparent inflation of the price of INV.
* When the price of INV was high as planned, the hacker took out INV-backed loans on Anchor before the price of INV back down to normal levels by the arbitrageurs.
* PeckShield called the attack high-risk because the $3 million worth of crypto used to trick the Keep3r price oracle, would have been completely lost if the price of INV had come to actual levels before the attacker took out the loans.
* The attacker has left only 73.5 ETH or crypto worth $2,50,000 in the attacker’s original Ethereum wallet.
(For the latest crypto news and investment tips, follow our Cryptocurrency page.)
