Flash loans are a sort of crypto loan often obtained and reimbursed in a single transaction.

The attackers could convert 99,976 USDT and 53.2 wBTC into ETH.

For the second time in two months, Inverse Finance has been the victim of a pricing oracle manipulation scam that resulted in the theft of $1.26 million in Tether (USDT) and Wrapped Bitcoin (wBTC).

Flash loans are a sort of crypto loan often obtained and reimbursed in a single transaction using Inverse Finance, Ethereum-based decentralized finance (DeFi) protocol. They make available information about prices from sources other than Oracle.

Attacker Could Borrow More Than Collateral
One of the most recent exploits works by manipulating the price of one of the protocol’s liquidity providers (LPs). The attacker could borrow more Dola (DOLA) than they had put up as collateral, allowing them to keep the difference.

Two months ago, attackers used a pricing oracle to artificially inflate collateralized token prices, which they then used to drain cash from victims. This time, while it conducted an investigation, Inverse Finance halted borrowing and withdrew DOLA from the money market, claiming that no customer funds were in danger.

The team stated:

“Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at risk. We are investigating and will provide more details soon.”

It was eventually revealed that the incident solely harmed the attacker’s deposited collateral and that it only acquired a liability to itself owing to the stolen DOLA. In exchange for a “generous bounty,” the perpetrator was enticed to return the money.

The attackers could convert 99,976 USDT and 53.2 wBTC into ETH before transferring it via the Tornado Cash cryptocurrency mixer to hide their illicit earnings. $15.6 million worth of ether, wBTC, yearn.finance (yfi) and Dola were stolen from a server in April of this year in a similar hack.

Leave a Reply

Your email address will not be published. Required fields are marked *

WP Twitter Auto Publish Powered By : XYZScripts.com