The lending protocol Inverse Finance was hacked, with the attacker withdrawing digital assets worth about $1.2 million. The project’s losses could exceed this amount, PeckShield said.
\n\n\n\n
1/ @InverseFinance was exploited in https://t.co/OaCemQfWug,
leading to the gain of ~$1.26M for the hacker (The protocol loss may be larger).— PeckShield Inc. (@peckshield) June 16, 2022
The company explained that the hacker used flash loan to manipulate the price oracle, which calculates the value of LP tokens based on the pool’s asset holdings.
\n\n\n\n
The attacker withdrew 53 BTC and 100 000 USDT. At the time of writing, ~68 ETH remained at the address linked to him. He liquidated the remaining assets on the Uniswap decentralized exchange and sent them to the Ethereum mixer address Tornado Cash.
\n\n\n\n
The Inverse Finance team also confirmed the hack. To prevent further losses, the developers temporarily paused borrowing operations. They stressed that users’ assets were not affected during the incident.
\n\n\n\n
Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at risk. We are investigating and will provide more details soon.
— Inverse+ (@InverseFinance) June 16, 2022
Earlier in April 2022, an unknown withdrew from the Inverse Finance protocol more than $15 million in digital assets. The hacker exploited a vulnerability in the Keep3r price oracle.
\n\n\n\n
Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analytics.
\n\n\n\n