No user funds are affected by the exploit, however Inverse Finance has incurred debt and offered the assailant a bounty to return the stolen funds.
Just 2 months once losing $15.6 million in a very worth oracle manipulation exploit, Inverse Finance has again been hit with a flash loan exploit that saw the attackers make off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (wBTC).
Inverse Finance is an Ethereum-based decentralized finance (DeFi) protocol and a flash loan is a variety of crypto loan that's typically borrowed and returned within a single dealing. Oracles report outside pricing information.
The latest exploit worked by using a flash loan to manipulate the worth oracle for a liquidity provider (LP) token used by the protocol’s market application. This allowed the assailant to borrow a bigger amount of the protocol’s stablecoin, Dola (DOLA), than the quantity of collateral they announce, rental them pocket the distinction.
The attack comes simply over 2 months once a similar Apr a pair of exploit, that saw attackers artificially manipulate collateralized token costs through a worth oracle to empty funds using the inflated costs.
In response to the attack, Inverse Finance temporarily paused borrowing and removed DOLA from the cash market whereas it investigated the incident, saying no user funds were at risk. It later confirmed that solely the attacker’s deposited collateral was affected within the incident and solely incurred a debt to itself due to the stolen DOLA. It inspired the attacker to return the funds in return for a “generous bounty.”
( Jesse Coghlan, Cointelegraph, 2022 )