$90 Million Hack of Terra’s Mirror Protocol Went Unnoticed for Seven Months

The frequency of DeFi hacks has made them second place in the cryptoverse. However, what is uncommon is a DeFi protocol exploits of up to $90 million going unnoticed for seven months – that is the story of Mirror Protocol.

The frequency of DeFi hacks has made them almost commonplace in the cryptoverse. However, what is certainly unusual is DeFi protocol exploits worth $90 million going unnoticed for seven months – and yet, that is the story of Mirror Protocol.

$90 Million Hack Goes Unnoticed for Seven Months

Mirror Protocol is a decentralized application on the Terra chain that allows for the creation of digital synthetics which track the price of real-world assets.

On May 17th, community members discovered a bug in the Mirror Protocol’s code that allowed a hacker to gradually siphon as much as $90 million, starting from October 8th, 2021. 

According to a user under the alias of “FatMan, the bug allowed the hacker to unlock other users’ collateral on Mirror Protocol, and withdraw it for themselves. 

The bug in Mirror’s code has been exploited “hundreds of times” since 2021, allowing the hacker to suck $89,706,164.03 out from the protocol. 

On-chain data indeed confirms that the hacker unlocked UST funds in the Mirror protocol multiple within the same transaction, paying only about $17.54 to do so.

Mirror Protocol Suffers Another Hack

Just days after the discovery, the DeFi protocol suffered a further attack on May 30th.

According to reports, the latest hack was caused by an error in the configuration of its price oracles, leading to the attacker taking advantage of a mismatched price between the old LUNC token, and the new LUNA token. 

The attack was made possible due to the fact that the Terra nodes were running on outdated oracle software. According to the Chainlink community member who spotted the attack, the hacker drained upwards of $2 million from the protocol.

On the Flipside

  • The bug was quietly fixed by Mirror Protocol developers on May 9th, without any official communication to the community that the code had been exploited. 

Why You Should Care

While this is certainly not the first DeFi exploit in history, it is by far the longest it has taken for one to be reported. The pressure continues to pile on for Terra.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Milko Trajcevski

Milko Trajcevski is a DailyCoin news reporter, mainly focused on Ethereum (ETH), Cardano (ADA), and their founders (Vitalik Buterin and Charles Hoskinson). Milko is an avid follower of crypto and blockchain technology and has written thousands of articles on the subjects. He finds joy in transforming complex issues into written content that anyone can understand. Milko has used and analyzed numerous exchanges, such as Coinbase, FTX, and Binance. He also closely follows all of the latest news around the largest decentralized exchanges (DEXs). Location: Skopje, Macedonia