Inverse Finance drained for $1.2 million in a flash loan attack

Quick Take

  • A DeFi protocol called Inverse Finance suffered a flash loan exploit on Thursday.
  • The hacker made off with $1.2 million in crypto assets.

A decentralized finance (DeFi) protocol called Inverse Finance suffered a flash loan exploit on Thursday, with the hacker making off with about $1.2 million. Notably, this comes after Inverse Finance had become a target of a $15 million exploit in April.

In today's incident, an unknown perpetrator executed a flash loan attack using 27,000 wrapped bitcoin (worth about $579 million) at around 4:47 a.m. ET, according to on-chain data. The exploited funds included 53 BTC and 100,000 USDT.  

Further analysis of blockchain data shows that the exploited funds were sent to Tornado Cash, a popular transaction mixer on the Ethereum network.

PeckShield, a security firm that first noted the incident, said the protocol loss may be larger than the $1.2 million sum pocketed by the exploiter.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Flash loans are loans taken out with a requirement that the borrowed sum be returned in the same transaction. While flash loans are meant for arbitrage trading and improving capital efficiency, hackers have abused them to manipulate DeFi price data feeds — known as oracles — and carry out exploits.

"The hack is made possible due to the price oracle manipulation, which misuses the balances of assets in the pool to directly calculate the LP token price. It is greatly facilitated by the flashloan to skew the reserves in the pool," PeckShield said.

To update its community, Inverse stated in a Twitter post that it has temporarily paused borrows and was still investigating.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]