En aneren Dag, en aneren DeFi hacken as this popular Ethereum based lending protocol suffered a multi-million dollar exploit. Inverse Finance, a lending-focused decentralized finance protocol, lost more than a $15 million loss.
Sad day for DeFi
Another prominent decentralized finance protocol has fallen victim to a crippling security breach. Inverse Finance, a stablecoin protocol that focuses on capital efficient yield generation, got beaflosst in an exploit on 2 April. It lead to a loss of $15.6 million worth of digital assets.
peckshield, a blockchain analytics firm, first flagged this situation.
Salut, @InverseFinance, Dir wëllt vläicht e Bléck huelen: https://t.co/KHHWAozWj1
- PeckShield Inc. (@peckshield) Abrëll 2, 2022
The team acknowledged the situation in a Saturday morning tweet, Publikatiounen: “We are currently addressing the situation please wait for an official announcement.” Similarly, posted on the Discord server for InverseDAO, the governing structure for the protocol.
Here’s what went down
peckshield erkläert in a series of tweets that the hacker deposited 901 Ethereum to the protocol and used an oracle manipulation bug to manipulate the price of Inverse’s INV token. They then used INV as collateral to borrow assets and drain the protocol.
Den Hacker beaflosst millions of dollars in YFI, WBTC, and Inverse’s own DOLA token from the protocol. Later, used decentralized exchanges such as Uniswap to trade the assets for Ethereum. Finally, the Ethereum wallet ugeschloss to the hacker siphoned 4,200 Ethereum worth around $14.6 million through TornadoCash‘s transaction mixer to cover their traces.
4) Déi initial Fongen fir den Hack ze starten ginn zréckgezunn @TornadoCash an déi meescht vun de Resultat Gewënn sinn deposéiert @TornadoCash. Currently 73.5 ETH still stays in the hacker’s account. We are actively monitoring this address for any movement. pic.twitter.com/ghkNphyfXh
- PeckShield Inc. (@peckshield) Abrëll 2, 2022
Further blockchain Donnéeën uginn puer of the exploited ETH holdings were sent to Tornado Cash, a popular transaction mixer on the Ethereum network.
In the latest update on 4 April, the team addressed the users by stating:
“Update on our work to address yesterday’s price manipulation incident: we are modeling multiple paths for returning funds to those affected including working with Inverse partners.”
In additon, to inject some certainty post the exploit, the team’s twitter account behaapt huet:
2. DOLA – the anti-fragile stablecoin – continues to maintain its USD peg using the DOLA Fed. No governance token gimmicks and no fiat injections required …
— Inverse+ (@InverseFinance) Abrëll 3, 2022
The Inverse team paused future borrows on its Anchor platform. Later, submitted a governance proposal to reimburse affected users. Needless to say, the native token directly affected by this unfortunate event.
INV plummeted in the hours since the hack. It’s down 17.1% on the day, trading at about $314. At the time of writing, the token suffered another 7% Set as it traded around the $318 mark. Looking at the bigger picture, three massive exploits in a matter of a week is no joke and is cause for concern.
Source: https://ambcrypto.com/third-in-a-week-yet-another-eth-based-defi-protocol-suffers-a-15-6-million-exploit/