According to PeckShield, the attackers used the same method of attacking the project as they did during the April hack when $15,6 million was stolen

Hackers withdrew $1,26 million from Inverse Finance

17.06.2022 - 11:50

282

2 min

What’s new? On June 16, Inverse Finance, a lending protocol, was hacked a second time. Attackers managed to withdraw $1,26 million, but the project could have lost more, according to analytics firm PeckShield. Inverse Finance developers confirmed the information about the hack and temporarily disabled the lending function to prevent further loss of funds. The team stressed that users’ assets were not affected during the incident.

Details of the hack. According to experts, the hack was made possible by a flash loan to manipulate the price oracle for an LP token of the Inverse Finance.

An LP (liquidity pool) token is issued to users of a crypto platform after depositing a liquidity pool. The larger the amount a customer provides to the platform, the more LP tokens they receive.

Through the exploit, hackers borrowed a significantly larger amount of the Inverse Finance protocol’s stablecoins, Dola (DOLA), than the amount deposited collateral. From the protocol, they withdrew assets in Tether (USDT) and Wrapped Bitcoin (WBTC). In total, the attackers managed to get $99 976 and 53,2 WBTC by exchanging them for ETH before sending all the stolen funds through the Tornado Cash transaction mixer.

Inverse Finance is a DeFi protocol based on the Ethereum blockchain. It has a fully collateralized multi-chain stablecoin DOLA and the governance token INV, which is used for staking payments.

On April 2, hackers withdrew $15,6 million from Inverse Finance. The attackers managed to commit an exploit by manipulating the price oracle of the INV/ETH pair on the SushiSwap exchange.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy