DeFi exploit
Inverse Finance exploited again for $1.2M in flashloan oracle attack
Just two months after losing $15.6 million in a price oracle manipulation exploit, Inverse Finance has again been hit with a flashloan exploit that saw the attackers make off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (WBTC). Inverse Finance is an Ethereum based decentralized finance (DeFi) protocol and a flashloan is a type of crypto loan that is usually borrowed and returned within a single transaction. Oracles report outside pricing information. The latest exploit worked by using a flashloan to manipulate the price oracle for a liquidity provider (LP) token used by the protocol’s money market application. This allowed the attacker to borrow a larger amount of the protocol’s stablecoin DOLA than the amount of collateral they posted, letting them pocket the difference. The at...
Illicit crypto usage as a percent of total usage has fallen: Report
Illicit cryptocurrency activity in 2021 and the first quarter of 2022 has declined as a percentage of overall crypto activity, according to blockchain forensics firm CipherTrace. The cryptocurrency industry has long held a reputation in some jurisdictions as a haven for illegal activity. However, CipherTrace estimates that illicit activity was between 0.62% and 0.65% of overall cryptocurrency activity in 2020. The firm reported that it has now fallen to between 0.10% and 0.15% of overall activity in 2021. Source: CipherTrace In its Cryptocurrency Crime and Anti-Money Laundering Report released June 13, CipherTrace outlined that the top ten decentralized finance (DeFi) hacks in 2021 and Q1 2022 netted attackers $2.4 billion. Over half of that figure came from just two events, the largest be...
Maiar decentralized crypto exchange goes offline after bug discovery
Minutes before 12 a.m. UTC on June 6, the CEO and co-founder of the Elrond Network, Beniamin Mincu, tweeted that he and his team were “investigating a set of suspicious activities” on the Maiar decentralized crypto exchange (DEX). Soon after the exchange was taken offline with Mincu reporting the issue was identified and an “emergency fix” was being implemented. In a Twitter thread posted almost 24 hours later around 11 p.m. UTC on June 6, Mincu said a potentially critical bug was identified which opened “an exploit area that we simply had to address and mitigate immediately.” The suspicious activities have been possibly identified and explained in a Twitter thread by pseudonymous on-chain analyst “Foudres” who revealed the potential attacker deployed a smart contract that someho...
