Terra-Based Mirror Protocol Averts Crisis but $2M Drained Nonetheless

Free Bitcoins: FreeBitcoin | BonusBitcoin

Coins Kaufen: Bitcoin.deAnycoinDirektCoinbaseCoinMama (mit Kreditkarte)Paxfull

Handelsplätze / Börsen: Bitcoin.de | KuCoinBinanceBitMexBitpandaeToro

Lending / Zinsen erhalten: Celsius NetworkCoinlend (Bot)

Cloud Mining: HashflareGenesis MiningIQ Mining


Mirror Protocol, a decentralized finance app on the old Terra blockchain, has reportedly suffered yet another exploit. The governance participant “Mirroruser” on Terra Research Forum was the one who discovered the bug on May 30.

The Exploit

Popular Terra analyst and whistleblower “FatMan” also confirmed the attack shortly thereafter and revealed that if the vulnerability remained untreated, it would put all of its pools for tokenized assets at risk. After hours of delay, the devs finally stepped up and averted the crisis.

It all started with a bug in the pricing oracle for Terra Classic validators that enabled the exploit. For the uninitiated, the Mirror Protocol essentially enables users to create and trade mirrored assets, also known as mAssets, that “mirror” or are closely tied to the price of stocks, as the name suggests.

The DeFi app has its native versions for Bitcoin – mBTC, Ethereum – mETH, Polkadot -mDOT, etc., which closely mirror the price moves of the underlying assets. In addition to these pools, buggy oracle enabled the attacker to drain the pool for the token representing Galaxy Digital stock – mGLXY – as well.

The Save

The “root cause,”  as explained by Chainlink community ambassador “ChainLinkGod,”  was that the validators of the old Terra blockchain (now called the Terra Classic) were running an outdated version of the oracle software that published erroneous pricing. The Terra Classic validators were reporting the price of the new LUNA instead of the old LUNC.

In the nick of time, the devs fixed the issue with the LUNC price feed. Mirror Protocol then disabled the usage of mBTC, mETH, mGLXY, and mDOT as collateral which incapacitated the attacker to no longer use the ill-gotten funds to drain the rest of the pools.

While a few in the community speculated if the entire event was an insider job, FatMan believes otherwise. His tweet regarding the same read,

“It really just looks like negligence of the highest order, but given what’s transpired this month, you can’t really put anything past them. I see no reason/evidence to believe this is an inside job at this stage. It’s basically a game of who has the fastest bot.”

SPECIAL OFFER (Sponsored)

Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.



[ad_2]

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close