On April 2, the Inverse Finance landing project reported a hacker attack, as a result of which assets worth $ 15.6 million were stolen. The protocol team promised to compensate the users' losses.
"This morning, one of the Inverse Finance markets, Anchor, underwent capital-intensive manipulation with the INV/ETH price oracle on SushiSwap, which led to a sharp increase in INV quotes. This allowed the attacker to take out a loan of $15.6 million in DOLA, ETH, WBTC and YFI," the project team wrote.
According to PeckShield, the attacker exploited a vulnerability in the Keep3r price oracle, which Inverse Finance uses to track token prices. The exploit allowed the hacker to "cheat" the protocol — he inflated INV quotes and used the asset as collateral in the Anchor Protocol market.
The company noted that the hacker needed to deposit 901 ETH (more than $ 3.15 million) to carry out the attack. The funds came from the Tornado Cash mixer. The attacker also transferred most of the stolen assets to the address of the service.
At the time of writing, the hacker's address is practically empty.
The Inverse Finance team has suspended all borrowing operations on the Anchor Protocol market. The developers turned to the hacker with a request to return the stolen assets for a reward.
A proposal to compensate the affected users will be submitted for consideration by the DAO behind the project.
Recall that in March 2022, hackers attacked the Ronin sidechain of the Axie Infinity blockchain game. The attackers withdrew assets worth a total of $625 million.