$90M DeFi hack goes unnoticed for seven months
To improve your local-language experience, sometimes we employ an auto-translation plugin. Please note auto-translation may not be accurate, so read original article for precise information.
DeFi application Mirror Protocol suffered a $90 million hack last year, and yet it went unnoticed for over half a year.
The exploit took place on the old Terra blockchain Terra Classic on Oct. 8, 2021, and it took seven months for it to be discovered. According to the Twitter user FatMan who first discovered the hack, the attacker stole $89,706,164.03. They found an exploit that allowed them to unlock collateral at a minimal cost.
According to FatMan, the Mirror Lock contract that locked collateral for 14 days lacked a duplicate check. That’s why they could steal funds multiple times. “The problem with having no duplicate check is an attacker can create a short position, and after 14 days, they could call their position ID multiple times in a list. This would let them steal funds from the lock contract over and over at little cost and zero risk,” Fatman wrote in a tweet.
According to a Mirror forum user, the security hole was fixed in early May. The fix was deployed on the chain on May 9, 2022, with the data published on GitHub on May 14. All was done without informing the public about the bug’s existence. The team has not made any statement regarding the situation.
Mirror Protocol is deployed on Terra classic, with assets available on Ethereum and Binance Smart Chain (BSC).
It seems the issues are just piling up on Terraform Labs (Terra). The company has experienced a crash of the Luna Classic blockchain, and it has since tried reviving it by launching Terra 2.0; following the airdrop of the first coins, the price plummeted by 60% on the same day. It also turns out that the company is reportedly under investigation by South Korean authorities following the crash. People working on the project since 2019 allegedly revealed that the founder was informed Terra could collapse at any time after the pilot model had failed.
Read related posts:
- Mirror introduces Writing NFTs
- Apple’s ‘RealityOS’ name for possible VR headset appears in mystery trademark application
- Williams Racing joins the Metaverse with Terra Virtua
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.