A $90M Decentralized Finance Exploit Discovered Seven Months After It Occurred Last Oct

It is recorded to be the most time it has taken to discover a crypto protocol venerability.

Massive Unnoticed Hack

The Mirror Protocol has been a target for exploiters for more than 6 months, however the hack wasn’t noticed on the network until now. As per the information shared, the hack costed the protocol around $90M. User FatMan on Twitter broke the news just a couple days ago, highlighting that the Mirror Protocol on Terra Classic has been victim to a $90M since October of last year.

FatMan provided a more in-depth analysis of the hack, stating that he found out about this hack completely out of luck. FatMan revealed that the hackers had stolen $89,706,164.03 from the Mirror Protocol, to be exact, because of a secret venerability that they had discovered, enabling them to gain access to collateral coming in from the lock contact, draining the network slowly and steadily without anyone noticing.

A deeper look into the Terra Classic on-chain data has proven that the hacker found a way to access UST funds many times from the Mirror Protocol during a single transaction, in the meanwhile only depositing around $17.5 to make it possible.

The Mirror Protocol is basically a decentralized application (dApp) that focuses on the development of digital synthetics to follow the valuation of real-world assets including stocks, gold. The main contracts of Mirror were used on the Terra Classic chain; however, the assets were able to be accessed from both the Ethereum and the Binance Smart Chains.

The Blame Game

As found and reported by the Mirror community, the bug was taken care of silently, however the team at Mirror did not share any details about whether if the bug was found out or taken advantage all this time. The team at Mirror also hasn’t responded much about the venerability, which has led to them facing severe criticism from the community.

FatMan mentioned on his Twitter that there is still not solid or convincing evidence that a person from inside the protocol was to be held responsible. Many hacks and vulnerabilities in the past have had quite the history of their discovery times, however this latest on from Mirror is said to be the longest every recorded. The previous record holders were the team at Ronin, which took almost a week to realize that they had been hacked for around $600M.

Leave a Reply

Your email address will not be published. Required fields are marked *