Mirror Protocol was exploited for almost $90 million seven months ago, and the attack was not discovered until a few days back
Image: Shutterstock
Mirror Protocol suffered an exploit worth almost $90 million on the Terra Classic on 8th October 2021, a Twitter user by the profile name FatMan revealed on 26th May 2022. This is the longest period for which a crypto exploit has been left undiscovered.
The attacker stole a hefty amount of $89,706,164.03 from the protocol. The Twitter user FatMan revealed that he found the hack by “pure serendipity.” The exploit allowed the attacker to access the collateral stored in the lock contract again and again at “little cost and zero risk.”
The Mirror Protocol facilitates the creation of digital synthetics to track the price of real-world assets, such as stocks. It is a decentralised application whose core contracts were deployed on Terra Classic. However, its assets are available on Binance Smart Chain (BSC) and Ethereum.
An investigation of the on-chain data of Terra Classic revealed that the attacker unlocked UST funds several times from the protocol within the same transaction and paid only approximately $17.54 to do so.
The bug was discovered by the members of the Mirror community on 17th May and was quietly fixed by Mirror developers on 9th May. The developer team did not comment on whether the bug had been noticed or previously exploited.