DeFi platform Inverse Finance succumbed to a flash loan exploit on Thursday. Around 2 hours back, at 8:47 AM UTC, the hacker executed the hack using 27,000 WBTC. Per Etherscan’s data, the exploited funds included 53 BTC and 100,000 USDT and summed up to $1.2 million.
Flash loans allow traders to borrow unsecured loans from lenders without intermediaries. Essentially, the borrowed sum ought to be returned in the same transaction, and is usually executed by arbitrage traders. More often than not, attackers end up gaslighting DeFi price data feeds, or oracles, to carry out exploits.
Inverse Finance brought to light via a Tweet that its stablecoin DOLA was removed from its money market, Frontier. As a result, it had temporarily paused borrowings and begun investigating the incident. The protocol, however, claimed that no user funds were taken or risked.
Chalking out what could have possibly gone wrong, Curve Finance asserted that “the problem was them rolling a vulnerable LP token price oracle.” LP tokens, as such, allow market makers to be non-custodial, as in, they do not hold on to users’ tokens, but instead operate via automated functions.
Despite the broader market being in the midst of a relief rally, the protocol’s token INVERSE was trading in red at $0.53, evidently reacting to the attack. DOLA had also lost its $1 peg and was trading at $0.9957 at press time, after depreciating by 1.54% in the last 24 hours.
DeFi stolen fund numbers continue to rise
The reliance of hackers on flash loan attacks has not necessarily been on the rise. Per data from The Block, in April, $216.2 million was drained out of the DeFi ecosystem, while in May, the number had dropped down to $90 million.
However, with some of the other vulnerabilities being exploited every other day, the cumulative lost funds have been rising, despite briefly becoming flat for a while in April. At this point, the total funds stolen by DeFi attackers mount up to $2.18 billion.