Inverse Finance Hack 2022 — $16M Exploit Analysis

Inverse Finance was exploited via TWAP oracle manipulation on Uniswap v2, allowing an attacker to inflate INV token price and borrow assets beyond collateral value.

Details

Full Description

The attacker manipulated the Uniswap v2 TWAP (time-weighted average price) oracle for Inverse Finance's INV token. By accumulating INV tokens and executing swaps to spike the price over multiple blocks, they inflated the TWAP oracle reading used by Anchor (Inverse's lending protocol). This allowed them to deposit inflated-value INV as collateral and borrow $15.6M in other assets.

Laundering Analysis

Borrowed assets (WBTC, ETH, DOLA, USDT) immediately converted and moved through Tornado Cash. Inverse Finance published a post-mortem and launched a debt repayment program. The protocol also suffered a second oracle manipulation attack in June 2022 for an additional $5.8M. Funds never recovered.

Sources

Transaction Hashes

Related Hacks

Back to Browse