Millions Drained From Ethereum DeFi Protocol Inverse Finance
Inverse Finance was hacked on Saturday. The hacker has already moved over $14.6 million through Tornado Cash.
Share this article
Another day, another DeFi hack. Inverse Finance is the latest Ethereum protocol to suffer a multi-million dollar exploit.
Inverse Finance Suffers Multi-Million Dollar Hack
Ethereum’s DeFi ecosystem has suffered another major hack.
Inverse Finance, a stablecoin protocol that focuses on capital efficient yield generation, was drained in an exploit early Saturday. PeckShield, one of the crypto industry’s top security analytics companies, alerted the Inverse team to the hack on Twitter minutes after the exploit occurred.
PeckShield explained in a series of tweets that the hacker deposited 901 Ethereum to the protocol and used an oracle manipulation bug to manipulate the price of Inverse’s INV token. They then used INV as collateral to borrow assets and drain the protocol. Etherscan data shows that the hacker drained millions of dollars in YFI, WBTC, and Inverse’s own DOLA token from the protocol and then used decentralized exchanges such as Uniswap to trade the assets for Ethereum. This Ethereum wallet connected to the hacker has already siphoned 4,200 Ethereum worth around $14.6 million through the transaction mixer Tornado Cash in a bid to cover their traces. The wallet contains just over $250,000 at press time.
The Inverse team acknowledged the hack in a tweet, but has not yet shared a full statement. “We are currently addressing the situation please wait for an official announcement,” the post read.
Update: The Inverse team has paused future borrows on its Anchor platform and said that it will be submitting a governance proposal to ensure that affected users are fully reimbursed. “The plan to be proposed to governance is to ensure all wallets impacted by the price manipulation are repaid 100%,” a tweet read. It’s also offering the hacker “a generous bounty” for the safe return of the funds.
This morning Inverse Finance's money market, Anchor, was subject to a capital-intensive manipulation of the INV/ETH price oracle on Sushiswap, resulting in a sharp rise in the price of INV which subsequently enabled the attacker to borrow $15.6 million in DOLA, ETH, WBTC, & YFI
— Inverse+ (@InverseFinance) April 2, 2022
INV has plummeted in the hours since the hack. It’s down 17.1% on the day, trading at about $314 at press time.
This story is developing and will be updated as more details emerge.
Disclosure: At the time of writing, the author of this piece owned ETH, INV, and several other cryptocurrencies. They also had exposure to UNI and YFI in a cryptocurrency index.