X

Inverse Finance Ethereum-Based DeFi App Hacked; Hackers Siphon off $15 Million

Inverse Finance’s (INV) Anchor App was hacked and $15 million worth of DOLA, ETH, WBTC, and YFI cryptos were stolen

Hacks and scams seem to affect cryptocurrencies more often these days than previously. Recently, Inverse Finance (INV), an Ethereum (ETH) blockchain-based stablecoin decentralised finance (DeFi) protocol was hacked and more than $15 million was stolen, according to recent estimates.

Advertisement

What Exactly Happened?

Inverse Finance is an ETH-based stablecoin that aimed at generating a stable capital yield return for its investors. What happened was that the hacker deposited 901 Ethereum cryptos to the Inverse Finance DeFi protocol, Anchor.

Apparently, the hacker exploited a bug in the oracle backend system, which powered the INV/ETH exchange protocol on Sushiswap. This exploitation manipulated the price of INV and made it rise to a very high price. The hacker then used this manipulated INV token as a collateral to borrow other crypto assets (DOLA, ETH, WBTC, & YFI), and continued to do so until it exhausted all the available funds in that particular chain.

“This morning, Inverse Finance’s money market, Anchor, was subject to a capital-intensive manipulation of the INV/ETH price oracle on Sushiswap, resulting in a sharp rise in the price of INV, which subsequently enabled the attacker to borrow $15.6 million in DOLA, ETH, WBTC, & YFI,” read the tweet post by Inverse Finance, an Ethereum-based DeFi protocol.

Advertisement

PeckShield Incorporation, a top-rated crypto industry security analytics company, alerted the Inverse team about this hack and also explained a lot of the technical details about the hack. They have also highlighted the exact Ethereum (ETH) wallet address, which was used by the hackers to hack and then store the proceeds of the crime.

How Much Funds Were Stolen?

The data shows that YFI, WBTC and DOLA (Inverse’s stablecoin) worth several millions of dollars were stolen. But then the hacker used various decentralised exchanges, such as Uniswap, Sushiswap, and disperse.app, among others to exchange these stolen cryptos for Ethereum. The hacker’s Ethereum wallet at the time of completion of the hack had 4200 Ethereum cryptos, and it is worth approximately $14.6 million. As of writing this story, the said Ethereum wallet has moved the funds via Tornado Cash, and only $250,000 worth of funds remained in the wallet.

What Is The Update From The Developer?

Pending further investigation, the Inverse risk management team has paused all future borrows on its Anchor DeFi platform. They have also submitted a governance proposal that will fully reimburse the affected users if accepted by majority of the stakeholders. Not only that, they have also announced a bounty program if the hacker returns the funds to them.

Show comments