Washing crypto is a problem as exploiter gets away with $15 million

Share This Post

Inverse Finance is the latest victim of a DeFi exploit resulting in the loss of over $15 million, Peckshield revealed this weekend. The blockchain security firm released a tweet simply stating, “Hi, @InverseFinance, you may want to take a look,” linked to a transaction on Etherscan.

Washing crypto through Tornado Cash

Over the past few hours, the exploiter sent hundreds of Ethereum transactions to Tornado Cash. Tornado Cash is a standard tool among hackers and exploiters to attempt to obfuscate their transaction history. They describe their service as a tool that “improves transaction privacy by breaking the on-chain link between source and destination addresses. It uses a smart contract that accepts ETH deposits that a different address can withdraw.”

Users generate a random key and deposit ETH along with the note. The user then provides proof of the key to the note from another wallet to withdraw the ETH, thus breaking the transaction chain that “only the user possessing the Note can link deposit and withdrawal.”

The exploit involved a TWAP oracle which requires manipulating the price of a governance token of a DeFi project with low liquidity. TWAP stands for Time Weighted Average Price and “is constructed by reading the cumulative price from an ERC20 token pair at the beginning and the end of the desired interval. The difference in this cumulative price can then be divided by the length of the interval to create a TWAP for that period.” A detailed explanation of the exploit is available via a thread created by Chainlink community ambassador, ChainLinkGod.

The Inverse Finance response

Inverse Finance took to Twitter Spaces this evening to speak about the events of the exploit. In it, they explain how all decisions go through the on-chain governance of the DAO. A question is thus raised as to whether this allows for fast-moving decision-making during crises such as this. The team appeared extremely calm and collected during the Twitter Space, describing the oracle manipulation very matter-of-factly. They blame ‘arbitrage inefficiency’ as the exploiter used $500,000 of collateral to steal $15 million in minutes.

The DAO has now activated the Guardian rule on Anchor to prevent future borrows through the protocol used during the exploit. This is meant to “mitigate any future attacks of the same kind.” They then explain how their “peg protection”allows them to quickly restore market pegs and incentives, which they used in the aftermath of the exploit. The Twitter Space goes on for a further 30 minutes, explaining other features of Inverse Finance in an appeal to restore confidence in the project.

Exploits are not hacks.

What is important to note here is that the person responsible for this action is not a hacker, as some may report. Many articles currently ask, “If DeFi is so great, why does it keep getting hacked?” The answer is that most exploits are not hacks. No code or security permissions were cracked during this latest incident. Instead, an individual took advantage of an oversight by developers.

DeFi involves many moving parts, which are less than five years old. The excitement for such projects is high enough that investors are willing to deposit funds into unproven projects in the hope of enjoying outsized gains.

The governance token of Inverse Finance, INV, usually has a daily average volume of around $900,000 with a market cap of $31 million. The volume is up 5000% today due to the exploit, and the TVL of the project is currently reported at around $27 million. These numbers appear low for the world of crypto but, in reality, are amounts that would be life-changing for most people around the world. It took $500,000 to execute the exploit, which resulted in a 2,900% increase for the ‘attacker.’

By washing the money through Tornado Cash, the argument in favor of DeFi that all transactions are traceable becomes much weaker. The only way, I can see, is to follow the money. The exploiter sent ETH in 100, 10, and 1 denomination. Thus, in this case, tracking it would require tracing every withdrawal of those amounts from Tornado Cash over the foreseeable future. A task that is not viable. Even if this could be achieved, they didn’t do anything illegal. Against the terms of use? Most likely. Questionably ethical? Certainly, but, as we know, DeFi regulation is an evolving area, and this incident came about by someone making completely legal trades on a public blockchain.

DeFi is a work in progress. It highlights a growing need for better practices and increased testing in web3 development. We hope public confidence isn’t ruined by the almost daily reports of DeFi exploits.

The post Washing crypto is a problem as exploiter gets away with $15 million appeared first on CryptoSlate.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

Bitcoin Price Takes Another Hit: Bears Tighten Their Grip

Bitcoin price failed to surpass $100,000 and corrected gains BTC is back below $96,500 and might revisit the $93,200 support zone Bitcoin started a fresh decline from the $99,400 zone The price is

Can India Lead Crypto Regulation in 2025? Binance Thinks So

Binance expects India to lead global crypto regulation in 2025, driven by progressive frameworks aimed at boosting trust, fostering innovation, and expanding blockchain utility Will 2025 Be the Year

New Solana Memecoin Leader? PENGU Flips BONK Amid Whale Accumulation

The newly launched PENGU token has stolen the spotlight after becoming the largest Solana-based memecoin by market capitalization The token’s rally has gathered massive interest from large-scale

South Korea Sanctions 15 North Korean Hackers and One Entity Over Crypto Theft Operations

South Korea has announced sanctions against 15 individuals and one entity from North Korea involved in cybercrimes, including large-scale cryptocurrency heists The move comes amid rising concerns

Bitcoin Tokens Have Only Been Getting Older This Bull Run, Analyst Reveals

An analyst has explained how the age of the average Bitcoin token has only been getting older during the recent bull run, something that could be bullish for the asset’s price Bitcoin Average

Citi Predicts Crypto Surge in 2025, Driven by Trump Policies and ETF Inflows

Citi analysts forecast strong crypto growth in 2025, driven by Trump’s policies, rising ETF inflows, and stablecoin innovation, signaling a bullish outlook for bitcoin and defi Citi’s 2025