Inverse Finance, an ethereum-based lending protocol, has lost $15.6 million in cryptocurrency following a hack, CoinDesk reported Saturday (April 2).
The cyberattack reportedly targeted the Anchor money market and artificially manipulated token prices, borrowing loans against extremely low collateral.
PeckShield, a blockchain security firm, said the Inverse attacker had taken advantage of a vulnerability in a Keep3r price oracle the firm used to track token prices, tricking the oracle into thinking the Inverse INV token had gone really high. From there, the attacker had apparently taken out multi-million-dollar loans using INV as collateral.
The report says that the attack took some serious funding to pull off. The attacker reportedly withdrew 901 ETH, or around $3 million, from Tornado Cash — which is normally used for disbursing crypto without leaving a trail.
After that, the attacker reportedly injected the mystery funds into numerous trading pairs on the SushiSwap decentralized finance (DeFi) exchange, inflating the INV price in the eyes of the Keep3r oracle.
After that, with the price high enough, the attacker took out the loans before arbitrageurs brought the price back to normal levels.
There have been numerous hacks of DeFi protocols just this week, which shows the sophisticated techniques that attackers have been using. One of the others saw the Ronin Network announce a loss of $625 million in crypto. Then, Ola Finance said it had been exploited for $3.6 million.
PYMNTS wrote that the Ronin hack involved a hacking of five passwords. Crypto is a field in which there is a large amount of hacking going on — last year, $14 billion was stolen, hacked and scammed away.
Flora Li, head of the Huobi cryptocurrency exchange’s Research Institute, said the issue came down to shortcuts taken to relieve network bottlenecks as the game involved in the hack became more popular. Hackers then took advantage of the shortcuts.