- Inverse Finance loses over $15 million in money market platform compromise.
- The hacker is said to have used Tornado Cash to throw off investigators.
- Inverse Finance has said it would repay all affected by the hack.
Ethereum DeFi platform Inverse Finance has confirmed that it suffered a security breach on Saturday. As reported by the platform, around $15.6 was lost in the exploit.
Another Day, Another DeFi Hack
At least 3 confirmed DeFi hacks occurred last week alone. First, the Ronin network lost over $600 million, then Ola Finance a couple of days later, losing over $3 million, then yesterday Inverse Finance. According to Inverse, the hacker made off with $15.6 million in DOLA, ETH, WBTC, & YFI.
The hacker reportedly compromised Inverse Finance’s money market platform Anchor, manipulating the price of INV, its native token. Inverse Finance is a DeFi lending platform that allows users to take loans against collateral in INV. With the manipulated price of INV, the hacker could trick the system and take huge loans against low collateral. Inverse Finance’s tweet read:
“This morning Inverse Finance’s money market, Anchor, was subject to a capital-intensive manipulation of the INV/ETH price oracle on Sushiswap, resulting in a sharp rise in the price of INV which subsequently enabled the attacker to borrow $15.6 million in DOLA, ETH, WBTC, & YFI.”
Crypto security and data analytics firm PeckShield was the first to notice the exploit and report it to Inverse Finance. PeckShield revealed that the exploit was not without risks; the hacker reportedly made an initial deposit of 901 ETH, roughly $3 million, to be able to carry out the price manipulation. According to PeckShield, a failure of the hacker to carry out the exploit before prices returned to normal would have led to the loss of this deposit.
PeckShield’s analysis further reveals that the hacker deposited these funds using Tornado Cash, a transaction mixer, to hide the source address. The hacker also employs the same method to dispose of most of the borrowed funds. According to PeckShield, only about 73.5 ETH is left in the address used to carry out the exploit.
The Way Forward
Inverse Finance, in their thread, revealed that they would do their best to repay all funds lost by users in full. They have stated that there are various ways to achieve this, and the network would decide on what path to take with the DAO, adding that these options did not include minting more INV as that would affect the value of the network’s stablecoin.
“The plan to be proposed to governance is to ensure all wallets impacted by the price manipulation are repaid 100%. We have multiple avenues for accomplishing this and will provide updates as the DAO discusses our options.”
Inverse Finance has also encouraged the perpetrator to come forward, offering a bounty for a return of the stolen funds. DeFi hacks reportedly led to the loss of $1.3 billion in 2021. Last week’s exploits alone total over $640 million.