Washing crypto is a problem as exploiter gets away with $15 million

Share This Post

Inverse Finance is the latest victim of a DeFi exploit resulting in the loss of over $15 million, Peckshield revealed this weekend. The blockchain security firm released a tweet simply stating, “Hi, @InverseFinance, you may want to take a look,” linked to a transaction on Etherscan.

Washing crypto through Tornado Cash

Over the past few hours, the exploiter sent hundreds of Ethereum transactions to Tornado Cash. Tornado Cash is a standard tool among hackers and exploiters to attempt to obfuscate their transaction history. They describe their service as a tool that “improves transaction privacy by breaking the on-chain link between source and destination addresses. It uses a smart contract that accepts ETH deposits that a different address can withdraw.”

Users generate a random key and deposit ETH along with the note. The user then provides proof of the key to the note from another wallet to withdraw the ETH, thus breaking the transaction chain that “only the user possessing the Note can link deposit and withdrawal.”

The exploit involved a TWAP oracle which requires manipulating the price of a governance token of a DeFi project with low liquidity. TWAP stands for Time Weighted Average Price and “is constructed by reading the cumulative price from an ERC20 token pair at the beginning and the end of the desired interval. The difference in this cumulative price can then be divided by the length of the interval to create a TWAP for that period.” A detailed explanation of the exploit is available via a thread created by Chainlink community ambassador, ChainLinkGod.

The Inverse Finance response

Inverse Finance took to Twitter Spaces this evening to speak about the events of the exploit. In it, they explain how all decisions go through the on-chain governance of the DAO. A question is thus raised as to whether this allows for fast-moving decision-making during crises such as this. The team appeared extremely calm and collected during the Twitter Space, describing the oracle manipulation very matter-of-factly. They blame ‘arbitrage inefficiency’ as the exploiter used $500,000 of collateral to steal $15 million in minutes.

The DAO has now activated the Guardian rule on Anchor to prevent future borrows through the protocol used during the exploit. This is meant to “mitigate any future attacks of the same kind.” They then explain how their “peg protection”allows them to quickly restore market pegs and incentives, which they used in the aftermath of the exploit. The Twitter Space goes on for a further 30 minutes, explaining other features of Inverse Finance in an appeal to restore confidence in the project.

Exploits are not hacks.

What is important to note here is that the person responsible for this action is not a hacker, as some may report. Many articles currently ask, “If DeFi is so great, why does it keep getting hacked?” The answer is that most exploits are not hacks. No code or security permissions were cracked during this latest incident. Instead, an individual took advantage of an oversight by developers.

DeFi involves many moving parts, which are less than five years old. The excitement for such projects is high enough that investors are willing to deposit funds into unproven projects in the hope of enjoying outsized gains.

The governance token of Inverse Finance, INV, usually has a daily average volume of around $900,000 with a market cap of $31 million. The volume is up 5000% today due to the exploit, and the TVL of the project is currently reported at around $27 million. These numbers appear low for the world of crypto but, in reality, are amounts that would be life-changing for most people around the world. It took $500,000 to execute the exploit, which resulted in a 2,900% increase for the ‘attacker.’

By washing the money through Tornado Cash, the argument in favor of DeFi that all transactions are traceable becomes much weaker. The only way, I can see, is to follow the money. The exploiter sent ETH in 100, 10, and 1 denomination. Thus, in this case, tracking it would require tracing every withdrawal of those amounts from Tornado Cash over the foreseeable future. A task that is not viable. Even if this could be achieved, they didn’t do anything illegal. Against the terms of use? Most likely. Questionably ethical? Certainly, but, as we know, DeFi regulation is an evolving area, and this incident came about by someone making completely legal trades on a public blockchain.

DeFi is a work in progress. It highlights a growing need for better practices and increased testing in web3 development. We hope public confidence isn’t ruined by the almost daily reports of DeFi exploits.

The post Washing crypto is a problem as exploiter gets away with $15 million appeared first on CryptoSlate.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

Bitcoin Technical Analysis: Bears Tighten Grip as Price Dips Below Key Levels

Bitcoin is rocking at $95,492, with a market cap of $189 trillion, a 24-hour trade whirl of $42 billion, and prices swinging between $95,134 and $99,886 today Bitcoin Bitcoin‘s 1-hour chart

Michael Saylor Bitcoin Strategy: How His Vision Could Drive Bitcoin to $13 Million by 2045

The post Michael Saylor Bitcoin Strategy: How His Vision Could Drive Bitcoin to $13 Million by 2045 appeared first on Coinpedia Fintech News The market is going crazy with Michael Saylors’s Bitcoin

Top Analyst Says XRP To Outperforms ALL The Crypto

The post Top Analyst Says XRP To Outperforms ALL The Crypto appeared first on Coinpedia Fintech News After days of market turbulence, all eyes are on XRP as it faces a key resistance level According

Notcoin Price Prediction 2025, 2026 – 2030: Will NOT Price Record A 2X Surge In 2025?

The post Notcoin Price Prediction 2025, 2026 – 2030: Will NOT Price Record A 2X Surge In 2025 appeared first on Coinpedia Fintech News Story Highlights The live price of the NOT token is

DeFi TVL drops 16% but stablecoin market stays firm

The total value locked (TVL) in DeFi protocols saw significant volatility in the past week, dropping from $14095 billion on Dec 17 to $11776 billion on Dec 20 before partially recovering to $12206

Bulls Falter As PEPE Slide To $0.00001748: Key Support In Focus

PEPE bullish momentum has taken a hit, with the price retreating to a crucial support level at $000001748 This setback puts the bulls under pressure to hold the line as bearish forces regain