Ethereum-based DeFi lending protocol Inverse Finance suffered yet another hack. Peckshield was the first to observe the flash loan attack following which it revealed that the attacker carried out an exploit via price oracle manipulation.
The blockchain security company said a price oracle manipulation misuses the balances of assets in the pool to directly calculate the LP token price. It is greatly conducted by the flash loan to alter the reserves in the pool.
The hacker reportedly netted around $1.6 million funds from the DeFi protocol.
Gauging further into the blockchain data shows that an initial fund of 1 ETH was used to launch the exploit and was sold via Uniswap which was then withdrawn from Tornado Cash.
Currently, the hacker’s account still has 68 ETHs of the illicit gains while 1000 ETHs have been deposited to the coin mixer.
Peckshield also revealed that the attack was allegedly performed by a bot that front-runs the original hack.
In April, Inverse Finance was exploited for $15.6 million after an attacker targeted its Anchor money market and artificially skewed token prices to borrow loans against extremely low collateral.
Inverse Finance is yet to release an official statement regarding the incident.
Earlier today, the platform announced that it had temporarily halted borrows.
“Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at risk. We are investigating and will provide more details soon.”