Inverse Finance is at the center of another exploit for the second time in a year. Two months after the first attack that saw it lose $15.6 million in an oracle exploit, an attacker hit the platform again.
The latest incident is a flash loan exploit where the attacker stole $1.26 million USDT alongside some Wrapped Bitcoin (WBTC) tokens.
Inverse Finance is a decentralized finance (DeFi) protocol hosted on the Ethereum network. Likewise, a flash loan is a crypto loan that can be borrowed and returned in just a single transaction. On the other hand, Oracles are data-driven platforms that report external pricing information.
How the Attacker Manipulates the Pricing System
The latest incident happened after the exploiter used a flash loan to alter the price oracle. This price oracle is for a liquidity provider utilized by the protocol applications.
As a result, the attacker is now provided with the avenue to borrow many tokens. The borrowed tokens are far more than the collateral the attacker presented, thus making it possible to hide the difference.
Moreover, the attack came two months after a similar incident occurred in Inverse Finance. The April exploit saw the attacker manually manipulating the pricing model via price oracle to steal funds using the inflated price they created.
Meanwhile, Inverse Finance has responded to the recent exploit by temporarily halting borrowing and removing the DOLA stablecoin. Inverse Finance took this measure to give room for an investigation into the matter. However, the DeFi platform revealed that user funds were not at risk.
Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at risk. We are investigating and will provide more details soon.
— Inverse+ (@InverseFinance) June 16, 2022
It further clarified that only the exploiters’ already deposited collateral was affected. However, the stolen DOLA stablecoins mean that the platform has incurred debt. The decentralized finance platform appealed to the attacker to return the stolen funds for a modest bounty.
Considering the latest exploit, the attacker carted away 99.976 USDT and 53.2 WBTC, which were later swapped to Ethereum before being moved to Tornado Cash to hide the loot.
BlockSec Analysis of the Attack
According to a blockchain security company, BlockSec, the attacker first borrowed 27,000 WBTC through a flash loan. After that, the attacker swapped some of the tokens with the liquidity provider (LP) coins for use as collateral.
Furthermore, the exploiter swapped the remaining WBTC to USDT stablecoins. The result is that it caused the price of the collateralized LP posted by the attacker to rise significantly. This, the price oracle, sees as the actual value, thereby authorizing further borrowing.
As a result, the attacker used the opportunity to borrow a large amount of the DOLA stablecoins. It is worth noting that the value of the DOLA tokens is greater than the deposited collateral, so the swap to USDT was necessary.
Deus Finance, Beanstalk Farms, and now Inverse Finance are some of the platforms that have been attacked this year.
The DeFi space can better protect its assets, and an air-tight security framework is needed to curb incidents like this.