Inverse Finance DeFi was hacked earlier today with hacker taking whopping 11.7 million dollars, with protocol loss being much larger as less will be using it from now on. This DeFi hack was made possible by making use of price oracle manipulation bug.
When INV, Inverse Finance’s token with highly manipulated price is used as collateral, it can be used to drain assets from Inverse Finance. Hacker made deposit of 901 Ethereum and manipulated the price. Due to bug in their smart contract, this allowed attacker to borrow $15.6M in DOLA, ETH, WBTC and YFI. This was not a flash loan attack.
Keep in mind this was a dangerous for hacker as well. If the hack failed, he would have lost access to 901 Ethereum as well. In other words, if anyone had frontruned the borrow transaction that would have been funny.
4) The initial funds to launch the hack are withdrawn from @TornadoCash and most of the result gains are deposited to @TornadoCash. Currently 73.5 ETH still stays in the hacker’s account. We are actively monitoring this address for any movement. pic.twitter.com/ghkNphyfXh