Inverse Finance exploit: $1.2 million lost in a flash loan attack
Inverse Finance has once fallen victim to an exploit. On Thursday, the DeFi protocol lost $1.2 million after suffering a flash loan attack.
Inverse Finance suffers two exploits within just two months
Inverse Finance is a decentralized DeFi protocol with a total value locked of $11.08 million. On June 16th, the company announced losing $5+ million in an exploit. The attacker however managed to run off with only $1.2 million.
More specifically, on June 16th the attacker manipulated the oracle price of the protocol’s Frontier money market through a flash loan. A flash loan in DeFi allows users to borrow crypto funds, use them and repay them in a single transaction. However, flash loans have become a common way to perpetrate DeFi hacks. For example, Cream Finance, Beanstalk, and Deus DAO protocols have all been hit by this type of attack.
On April 2nd, someone already exploited Inverse Finance through a price manipulation attack resulting in the loss of $15.6 million.
Where are the funds related to Inverse Finance exploit?
First, the Inverse Finance attacker funded the exploit address through Tornado Cash minutes before the attack. The attacker transferred 0.98 ETH worth around $1,200 to make the flash loan.
Then, the attacker managed to steal 53.24 WBTC and 99,976.29 USDT amounting to a total loss of $1.2+ million.
The stolen WBTC and USDT have been quickly swapped to ETH on Uniswap decentralized exchange (DEX). On our Investigation Tool, we can see for example that the attacker sent 53.24 WBTC, corresponding to the amount stolen, to Uniswap and swapped it for 983 ETH. The tool accordingly flagged the transaction as a DEX trade.
Finally, the attacker sent 1,000 ETH to the Tornado Cash mixing service in batches of 100 ETH. The attacker used Tornado Cash to mix the tainted coins with other funds and obfuscate the trail of the funds.
For now, the Inverse Finance exploit address still has a balance of 68.46 ETH worth around $75,000 as shown below. We will keep on monitoring the funds related to the exploit.
How to prevent exposure to illicit funds?
Governments all over the world are regulating crypto-assets to prevent the unlawful use of crypto-assets such as money laundering. Companies onboarding crypto-assets should therefore ensure they have all the necessary tools and processes in place to avoid the facilitation of illicit crypto funds and mitigate their exposure to money laundering risks.
Scorechain’s blockchain analytics solution can help compliance officers mitigate such risks and adopt a risk-based approach to crypto transaction monitoring. Our solution deanonymizes blockchain data and red flags on high-risk activities such as scams, hacks, dark web, etc. helping customers promptly identify illicit funds and report them to authorities if necessary.
Would you like to discover how you can leverage blockchain analytics to reduce unnecessary exposure to risks? Don’t hesitate to request a demo.
Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped more than 200 customers in 45 countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customers onboarding, audit and law firms, and some LEAs.
Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, Tezos, Tron with TRC10 and TRC20 tokens, and BSC with BEP20 tokens. The software can de-anonymize the Blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.