The exploiters committed the atrocity by using a flash loan attack to fool the protocol and steal 10,000 USDT (tether) and over 53 bitcoin (worth about $1.1 million). The flaw was found less than two months after hackers stole $15 million worth of bitcoins from Inverse Finance in a similar attack, which was first made public.
The borrowing features for customers were suspended by Inverse Finance developers on Thursday during European hours while they investigated the situation.
Flash loans, a DeFi-specific mechanism, allow users to borrow substantial sums of money with little in the way of security. Traders typically utilize flash loans; however, malicious parties may use them to trick a protocol’s smart contract into manipulating liquidity pools’ prices and seizing the assets of such pools.
According to blockchain data, the attackers used about 27,000 wrapped bitcoin from the Aave lending protocol to launch the attack. Before being used to withdraw DOLA, the money was channelled through the trade service Curve for a variety of stablecoins.
The blockchain research tool Etherscan shows that an address called “Inverse Finance Exploiter” sent 900 ether, or $1 million, to the privacy mixer, Tornado Cash.
Attackers often use Tornado Cash to conceal stolen funds because it allows users to hide their addresses.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”