Posted on June 18, 2022 at 8:39 PM
In what is believed to be one of the biggest heists in the digital assets industry, hackers have stolen $1.26 million worth of crypto assets from decentralized exchange finance (DeFi) platform Inverse Finance.
The stolen crypto assets include wrapped Bitcoin (WBTC) and Tether (USDT). The hacking incident is coming barely two months after Inverse Finance recorded an exploit that allowed the hackers to steal $15.6 million.
Another DeFi Platform Exposed Again
More DeFi platforms are increasingly becoming the targets of threat actors who are taking advantage of the crypto craze and its anonymous nature to steal funds. The Inverse Finance platform facilitates the lending and borrowing of cryptos. These platforms are usually the target of flash loan attacks where the perpetrator takes a smart loan from an uncollateralized loan (Flash loan) from the platform.
They use the capital that they have borrowed and pay it back in the same transaction. This leads to a sudden increase in the price of the crypto asset before a subsequent withdrawal of their investments by the hackers. These activities happen quickly before the platform owners can even discover them.
DeFi platforms that depend on unstable price oracles are more vulnerable to flash loan attacks. Oracles are programs that are used in maintaining accurate pricing data for all crypto assets on the platform. The volatility of crypto assets makes this task a bit more difficult because the program would need to alter its data always.
Shortly after the attack on Inverse Finance, the platform temporarily suspended borrowing and took down its DOLA stablecoin from the money market. Inverse Finance later informed users that the incident is being investigated. But it has also confirmed that the attack only had an impact on the deposited collateral. It has also made a plea to the attackers to return the stolen funds in exchange for a “generous bounty.”
The Stolen Funds Were Concealed Through Tornado Mixer
The hacker gained 53.2 WBTC and 99,976 USDT in total from the attacks. After completing the attack, the hackers transferred the cryptocurrencies through the crypto mixer Tornado Cash. The platform is notorious for helping hackers hide their stolen digital assets, making them difficult to trace.
DeFi platforms facilitate crypto-based lending beyond traditional banking. Its recent surge has been a major reason for the high number of attacks on the platforms. DeFis have become the prime target for many hackers due to the concealable nature of crypto assets and the DeFi platform. Once an attack occurs and the funds leave the targeted platform, it becomes very difficult for the platform to retrieve the stolen funds.
The only other option is to plead with the attacker to return the stolen funds in place of a big reward. In the past, some platforms have managed to gain most of their stolen funds back by paying a reasonable ransom out of the stolen crypto fund. As of the time of writing, the attackers responsible for the heists on Inverse Finance have not responded to the company’s requests.
More DeFi Platforms Fall Prey To Attacks
The fact that hackers are targeting DeFi the most is a warning for those that want to enter into the emerging segment of the crypto sphere. According to crypto data aggregation platform Chainalysis, DeFi is presently one of the most exciting areas of the broader cryptocurrency system. It offers several opportunities to crypto holders and entrepreneurs.
DeFi platforms saw an unprecedented surge of activities and users in 2021. As it becomes more popular, it has also attracted bad actors. 15% of the total stolen funds last year were on centralized exchanges. But 51% of the stolen funds were from DeFi platforms, based on the report by Chainalysis. The report noted that the wider gap could be a result of the current KYC and AML processes embraced by crypto exchanges. This has threatened the anonymity of threat actors. But DeFi platforms are still exposed since they don’t offer such a high level of protection or scrutiny. As a result, more hackers are comfortable launching attacks on these platforms than they would normally do.
Recently, another DeFi platform Poly Network was attacked. The firm disclosed that unidentified actors exploited a bug in its system to steal thousands of digital assets such as Ethereum (ETH). Apart from ETH, the attackers also stole Polygon and Binance Chain assets, before transferring them to three different wallets. The company has provided the addresses and urged miners and exchanges to block tokens coming from those addresses.