
Inverse Finance suffers $15.6M attack

Last updated 29th Jun 2022
  • This is the third multimillion-dollar breach of a DeFi protocol this week
  • Inverse tracks token prices using a Keep3r oracle; the attacker made it think the price of Inverse’s native token was huge
  • They used the inflated INV as collateral to take out a multimillion-dollar loan on Anchor

Inverse Finance, a lending protocol based on Ethereum, said it had suffered an exploit on Saturday. The cybercriminals made off with $15.6 million worth of stolen cryptocurrency, CoinDesk reported.

According to the report, the attacker targeted the Anchor (ANC) money market, taking out loans against negligible collateral after manipulating token prices to drive them down.

Third multimillion hack in a week

This is the third multimillion-dollar breach of a DeFi protocol reported in the past week, drawing attention to attackers’ increasingly sophisticated techniques. On Thursday another lending protocol, Ola Finance, lost $3.6 million. On Tuesday, more than $625 million was syphoned from the Ronin network, a gaming-focused platform.

The weak link was a price oracle

Inverse tracks token prices using a Keep3r oracle, which the attacker tricked into thinking that the price of Inverse’s native token was exorbitant, PeckShield reported. Then, they used the inflated INV as collateral to take out a multimillion-dollar loan on Anchor.

A very clever attack

The attack was notably well-funded. The criminal or criminals first withdrew 901 ETH (approx. $3 million) from Tornado Cash, which is used to conceal traces of crypto distribution. Then, they deposited it into a few different trading pairs on SushiSwap, a decentralized exchange, inflating the price of INV as perceived by the Keep3r price oracle.

They then went to Anchor and used the sufficiently high INV price to take out the loan before the price could be brought back down to normal levels.
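
The mechanism described above, as an added illustration that is not from the article, PeckShield or Inverse: a constant-product pool with constructed reserves shows how far one large purchase moves a short-window average price, and how a lender-side deviation check against a slower reference refuses new borrowing instead of accepting the inflated value. The pool sizes, window lengths and 10% threshold are assumptions; the page does not give the real Keep3r oracle parameters.

```python
# Added illustration: every number below is constructed, not taken from the incident.
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product (x * y = k) pool of INV and ETH; swap fees ignored."""
    inv: float
    eth: float

    def spot(self) -> float:
        return self.eth / self.inv  # price in ETH per INV

    def buy_inv(self, eth_in: float) -> None:
        k = self.inv * self.eth
        self.eth += eth_in
        self.inv = k / self.eth  # reserves must keep the same product


def twap(samples: list[float], window: int) -> float:
    """Average of the last `window` per-block price samples."""
    recent = samples[-window:]
    return sum(recent) / len(recent)


def collateral_price(fast: float, reference: float, max_dev: float = 0.10):
    """Price to value collateral at, or None to refuse new borrowing."""
    if abs(fast - reference) / reference > max_dev:
        return None  # feeds disagree: treat as manipulation or outage
    return min(fast, reference)  # value collateral conservatively


def simulate(eth_in: float, fast_window: int = 2, slow_window: int = 30) -> dict:
    pool = Pool(inv=1_000.0, eth=100.0)       # thin pool at 0.1 ETH per INV
    samples = [pool.spot()] * slow_window     # quiet history
    pool.buy_inv(eth_in)                      # one large purchase
    samples += [pool.spot()] * fast_window    # price observed for a few blocks
    fast, slow = twap(samples, fast_window), twap(samples, slow_window)
    return {"spot": pool.spot(), "fast": fast, "slow": slow,
            "guarded": collateral_price(fast, slow)}


if __name__ == "__main__":
    print(simulate(eth_in=300.0))  # fast average jumps 16x, guard returns None
    print(simulate(eth_in=0.0))    # no trade: guard returns about 0.1
```

In this sketch the slow average stands in for an independent reference feed; a deployment would more likely compare against a separate oracle source than against the same pool.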

A high-risk plan

A representative from PeckShield told CoinDesk that the plan wasn’t without risk. If the price of Inverse Finance’s token had gone back down to normal levels before the attacker took the loans out, the $3 million in ether used to mislead the oracle would have been lost.

Stolen funds disappeared through Tornado Cash

The attacker got away with 1,588 ETH, 39 YFI, 94 WBTC, and 3,999,669 DOLA. They cycled most of the funds back through the privacy mixer. It’s hard to say where the money will go. Around $250,000 in ether remains in their original Ethereum wallet.

Borrowing on Anchor suspended

Inverse said it had paused all borrowing on Anchor. A representative of the lender reported they were cooperating with Chainlink to build a new INV oracle.

Inverse also said it plans to make a proposal to its DAO to ensure that all amounts lost in the attack are repaid in full.

Daniela Kirova
