Inverse Finance, an open-source protocol for lending and borrowing that runs on top of the Ethereum blockchain, has suffered a $15.6 million hack, according to an announcement that was made on Apr. 2.
The team says that the hack was not related to the protocol’s smart contract.
The attacker was able to artificially inflate the price of the INV token by taking an advantage of an oracle manipulation bug. This allowed them to borrow millions in various tokens, including wrapped Bitcoin (wBTC) and Yearn.Finance (YFI) on its Anchor money market.
Inverse Finance has temporarily suspended borrowing on Anchor due to the incident.
The hacker had to deploy $3 million worth of ETH from Ethereum-based mixer Tornado Cash in order to pull off the attack.
Most of the stolen funds have already been laundered with the help of Tornado Cash, which will make it difficult for the authorities to track down the ill-gotten tokens.
The Inverse Finance team says that no additional INV tokens will be minted in the aftermath of the attack.
The hacker who exploited the bug is being offered “a generous bounty” in exchange for coming forward to return the stolen funds.
A slew of DeFi hacks
The decentralized finance industry continues to suffer from constant attacks.
As reported by U.Today, Axie Infinity’s Ronin sidechain was recently drained of $540 million, which marks one of the biggest cryptocurrency-related hacks in history.
Nearly $5 million worth of crypto was also stolen from the Ola Finance protocol just days ago.
Last year, DeFi hacks reached a total of $1.3 billion in 2021.
The total value locked (TVL) in protocols across all chains currently stands at $231 billion, according to data provided by DefiLlama.