$90M DeFi hack goes unnoticed for seven months


The Trust Project is a worldwide group of news organizations working to establish transparency standards.

Photo by Pixabay.

DeFi application Mirror Protocol suffered a $90 million hack last year, and yet it went unnoticed for over half a year.

The exploit took place on the old Terra blockchain Terra Classic on Oct. 8, 2021, and it took seven months for it to be discovered. According to the Twitter user FatMan who first discovered the hack, the attacker stole $89,706,164.03. They found an exploit that allowed them to unlock collateral at a minimal cost.

According to FatMan, the Mirror Lock contract that locked collateral for 14 days lacked a duplicate check. That’s why they could steal funds multiple times. “The problem with having no duplicate check is an attacker can create a short position, and after 14 days, they could call their position ID multiple times in a list. This would let them steal funds from the lock contract over and over at little cost and zero risk,” Fatman wrote in a tweet.

According to a Mirror forum user, the security hole was fixed in early May. The fix was deployed on the chain on May 9, 2022, with the data published on GitHub on May 14. All was done without informing the public about the bug’s existence. The team has not made any statement regarding the situation.  

Mirror Protocol is deployed on Terra classic, with assets available on Ethereum and Binance Smart Chain (BSC).

It seems the issues are just piling up on Terraform Labs (Terra). The company has experienced a crash of the Luna Classic blockchain, and it has since tried reviving it by launching Terra 2.0; following the airdrop of the first coins, the price plummeted by 60% on the same day. It also turns out that the company is reportedly under investigation by South Korean authorities following the crash. People working on the project since 2019 allegedly revealed that the founder was informed Terra could collapse at any time after the pilot model had failed.

Read related posts:

Disclaimer

Any data, text, or other content on this page is provided as general market information and not as investment advice. Past performance is not necessarily an indicator of future results.

Karolina Gaszcz

Karolina is a writer and journalist with a background in literary studies. She loves exciting tech solutions and art, and NFTs are often a perfect amalgamation of the two. Outside of work, she’s a plant mom, a vintage fashion enthusiast, and a gamer.

Follow Author

More Articles