Hacker withdrew more than $15 million from the Inverse Finance protocol

The attack used price oracle manipulation on the SushiSwap platform

04.04.2022 - 07:35

468

2 min

What’s new? Inverse Finance, a lending protocol, was attacked by an attacker. The hacker managed to withdraw over $15 million from the platform by manipulating the price oracle of the INV/ETH pair on the SushiSwap exchange. The Inverse Finance team has promised to compensate the affected users.

Source: Twitter.com

What is known about the attack? Exploiting a vulnerability in a Keep3r price oracle led to a spike in the price of the INV token, allowing the hacker to borrow $15,6 million in ETH, YFI, DOLA, and WBTC tokens. The artificial overpricing allowed INV to be pledged as collateral for a large loan.

The attacker needed 901 ETH ($3,15 million at the exchange rate on April 4) to carry out the attack. Tornado Cash, a transaction mixing service, was used to enter these funds and withdraw the stolen tokens.

Inverse Finance is a decentralized platform founded in 2020. The project enables DeFi tools such as profitable farming and obtaining loans.

What had happened before? On March 29, the Ronin Network sidechain used by the Axie Infinity game was attacked. Using an exploit, the criminal withdrew more than $625 million in cryptocurrency (173 600 ETH and 25,5 million USDC).

Author: