Posted on April 5, 2022 at 6:08 AM
Another DeFi protocol has suffered a hacking incident. This time, lending protocol Inverse Finance was the victim, as t suffered a $15.6 million loss from crypto heists on Saturday.
The threat actor targeted the Anchor (ANC) money market and collected loans with tiny collateral after manipulating the token prices, driving them down on the lending protocol.
Inverse Finance is an open-source lending protocol on top of the Ethereum blockchain.
The Attacker Exploited The Keep3r Vulnerability
According to blockchain security firm PeckShield, the threat actor took advantage of the vulnerability of the Keep3r price to steal the funds.
The trademark deception used by the hackers deceived the oracle into thinking that the Inverse INV toke has skyrocketed in value. After the deceit, the attacker decided to get a multi-million dollar loan via INV as collateral. Following the incident, Inverse Fiance has suspended borrowing on the platform.
The threat actor needed $3 million in ETH from Ethereum-based Mixer Tornado Cash to carry out the attack. After getting the unknown funds, the attacker injected them into different trading pairs on the decentralized exchange SushiSwap, increasing the price of INV in the Keep3r price oracle.
A Rise In Attacks On DeFi Platforms
The decentralized finance (DeFi) industry has continued to see loads of attacks in recent times. Recently, Axie Infinity’s Ronin sidechain was hit by an attack that drained $625 million from the platform, making it one of the biggest crypto-related hacks in history. The funds stolen from Ronin belonged to five traders, according to reports.
The Ola Finance protocol also suffered a crypto heist as roughly $5 million was stolen from the platform. Last year, DeFi platforms lost nearly $1.3 billion from crypto-related hacks.
According to data from DefiLlama, the total value locked (TVL) in protocols across all chains is currently $231 billion.
The latest hack of Inverse Finance is the third multi-million dollar hacking incident involving a DeFi protocol in the last week. It shows that more threat actors are increasingly seeing DeFi protocols as one of the best ways to get their hands on people’s crypto funds. The industry is attractive to criminals because in most cases, they can successfully keep their loot without any trace back to them due to the anonymous nature of the industry.
Now threat actors are using flaws found in measures to ensure the smooth going of protocol operations to breach platforms.
Additionally, Solana-based DeFi cross-bridge network Wormhole was a victim of a crypto heist when $320 million was stolen from the platform in January this year.
The Vulnerability Came From Network Shortcut
The Chief of the Huobi crypto exchange Research Institute, Flora Li, stated that the flaw exploited by the hackers came from the shortcuts used to reduce network constraints. But while looking for an avenue to get into the network and steal funds, hackers exploited the shortcut.
The Inverse Finance hackers made away with 3,999,669 DOLA, 94 WBTC, 39 YFI, and 73.5 ETH. While the threat actors have cycled most of the stolen funds (about $3 million) back via Tornado Cash, it’s not clear where the funds will end up. As of the time of writing, about 73.5 ETH ($250,000) are still in the attacker’s original Ethereum wallet.
The protocol is a mixing platform that was on the same blockchain. After making the deposits, the funds were sent across SuShiSwaps into different trading pools.
According to an Inverse official, the protocol is partnering with Chainlink to launch a new INV oracle.
More Hackers Are Now Exploiting DeFi Protocols’ Vulnerability
At the moment, there have been incessant calls for DeFi protocols to improve the security of their platforms to reduce the level of vulnerabilities that allow threat actors to exploit systems. Most of the hacking incidents have been due to the exploitation of vulnerabilities in the affected protocol. While the crypto industry continues to see massive interest from the mainstream finance sector, hackers are now taking advantage of the boom in the industry to launch attacks ad steal users’ funds.
One of the most exciting aspects of blockchain is its high level of decentralization. Due to this feature, most crypto platforms designed using this technology as highly immune to third-party disruptions. However, project creators are now cutting corners to make their platform more efficient, cheaper, and faster. This has exposed their protocols to certain vulnerabilities that are now being exploited by hackers.