Mirror Protocol, a DeFi application built on the old Terra blockchain, was attacked by a $90 million exploit in October 2021, and it remained entirely undiscovered until last week. The attacker was able to unlock collateral from the protocol multiple times while just paying a little fee each time.
Terra’s DeFi Attacked Seven Months Ago
A pricey Terra DeFi exploit went unreported for seven months until last week. Mirror Protocol, built on the Terra blockchain, allowed users to employ synthetic assets to take long or short positions in tech stocks.
The protocol’s operating mechanism, however, was hacked for $90 million. The Terra chain DeFi attack was first found last week by a Terra community member and analyst named “FatMan,” and has now been confirmed by security analysts BlockSec.
Topluluk üyeleri açık a weakness in the Mirror Protocol’s code on May 17th, allowing a hacker to drain up to $90 million starting October 8th, 2021.
FatMan'e göre, kim diyor Hack'i "tamamen şans" ile keşfetti saldırgan, kilit sözleşmesinden teminatları "çok az maliyetle ve sıfır riskle" defalarca açmalarına izin veren bir istismar sayesinde protokolden 89,706,164.03 $ çaldı.
The Terra Classic on-chain statistics ortaya that the attacker was able to release UST funds from the protocol many times within the same transaction for only $17.54 each time.
By studying the precise exploit transaction, security firm BlockSec onaylı the community member’s findings.
Nasıl oldu
Users have to lock collateral for at least fourteen days in order to bet against a stock on Mirror. The original Terra digital currency, LUNA, was included with this collateral (now LUNA Classic or LUNC). mAssets and the now-defunct stablecoin UST were also involved.
Users were able to unlock the collateral and return the monies to their wallets once the trade was completed.
Furthermore, the use of smart contract-generated ID numbers assisted this procedure. The lock contract of Mirror Protocol, however, was unable to check whether a user had previously used the same ID to withdraw funds due to the presence of a bug.
İlgili Okuma | Tayland Dijital Ekonomiye Hazırlanıyor, 2023'ün Sonuna Kadar Kripto Transferlerini KDV'den Kaldırıyor
However, the Mirror’s lock contract apparently failed to check when someone used the same ID to withdraw funds many times due to a fault in the code.
In October 2021, an unidentified entity discovered that a list of duplicate IDs could be used to repeatedly unlock hundreds of times more collateral than they had. This essentially meant that the criminal may withdraw funds without permission.
A New Attack
On May 30th, just days after the discovery, the DeFi protocol was targeted again.
Göre raporlar, the newest hack was prompted by a flaw in the setting of the company’s price oracles, which allowed the attacker to take advantage of a price disparity between the old LUNC and new LUNA tokens.
The Terra nodes were running obsolete oracle software, which allowed the attack to take place. The hacker stole upwards of $2 million from the protocol, according to the Chainlink community member who discovered the attack.
Terra/USD consolidates after near-zero crash. Source: TradingView
This isn’t the first time a hack has gone unnoticed for a brief period of time. In March 2022, hackers stole $600 million from the Ronin sidechain, and it took a week for anyone to notice. It wasn’t until users keşfetti they couldn’t withdraw their money that anyone realized there was a problem.
Mirror Protocol, which is inceleniyor by the Securities and Exchange Commission, has yet to make an official statement on the situation.
The Mirror Protocol team has yet to issue a statement regarding the exploit, prompting community outrage. FatMan, on the other hand, believes that there is “compelling evidence” that the hacker was an insider.
While this isn’t the first DeFi exploit in history, it is the one that has taken the longest to be discovered. Terra is under a lot of scrutiny as the pressure piles.
İlgili Okuma | Not So Great Wall: How China Failed Miserably To Ban Bitcoin Mining
Shutterstock'tan öne çıkan görsel ve TradingView.com'dan grafik
Source: https://bitcoinist.com/defi-built-on-terra-succumbed-to-a-90-million/