Another big attack has occurred in Ethereum’s DeFi ecosystem.
An attack early Saturday drained Inverse Finance, a stablecoin system that focuses on capital efficient yield generation. PeckShield, one of the crypto industry’s leading security analytics companies, informed the Inverse team about the breach through Twitter only minutes after it happened.
In a series of tweets, PeckShield stated that the hacker injected 901 Ethereum into the system and utilised an oracle manipulation flaw to affect the price of Inverse’s INV token. The hacker then borrowed assets and drained the protocol, using INV as collateral.
According to Etherscan data, the hacker extracted millions of dollars in YFI, WBTC, and Inverse’s own DOLA token from the protocol before trading the assets for Ethereum on decentralised marketplaces like Uniswap. In order to avoid detection, the hacker’s Ethereum wallet has already stolen 4,200 Ethereum worth about $14.6 million via the transaction mixer Tornado Cash. At the time of publication, the wallet contained somewhat more than $250,000 in cash.
Surprisingly, INV is now holding strong in the market, contradicting a pattern seen with most other DeFi hacks. At the time of publication, it was trading at $402, up 5.9 percent.
