The Trust Project is a worldwide group of news organizations working to establish transparency standards.
DeFi application Mirror Protocol suffered a $90 million hack last year, and yet it went unnoticed for over half a year.
The exploit took place on the old Terra blockchain Terra Classic on Oct. 8, 2021, and it took seven months for it to be discovered. According to the Twitter user FatMan who first discovered the hack, the attacker stole $89,706,164.03. They found an exploit that allowed them to unlock collateral at a minimal cost.
According to FatMan, the Mirror Lock contract that locked collateral for 14 days lacked a duplicate check. That’s why they could steal funds multiple times. “The problem with having no duplicate check is an attacker can create a short position, and after 14 days, they could call their position ID multiple times in a list. This would let them steal funds from the lock contract over and over at little cost and zero risk,” Fatman wrote in a tweet.
According to a Mirror forum user, the security hole was fixed in early May. The fix was deployed on the chain on May 9, 2022, with the data published on GitHub on May 14. All was done without informing the public about the bug’s existence. The team has not made any statement regarding the situation.
Mirror Protocol is deployed on Terra classic, with assets available on Ethereum and Binance Smart Chain (BSC).
It seems the issues are just piling up on Terraform Labs (Terra). The company has experienced a crash of the Luna Classic blockchain, and it has since tried reviving it by launching Terra 2.0; following the airdrop of the first coins, the price plummeted by 60% on the same day. It also turns out that the company is reportedly under investigation by South Korean authorities following the crash. People working on the project since 2019 allegedly revealed that the founder was informed Terra could collapse at any time after the pilot model had failed.
Read related posts:
Disclaimer
Any data, text, or other content on this page is provided as general market information and not as investment advice. Past performance is not necessarily an indicator of future results.
