Article Reading Time:
3 min.
Members of the community of the collapsed Terra project identified an exploit that threatens liquidity pools and forced developers to disable the ability to use mBTC, mETH, mGLXY, and mDOT as collateral.
Two days after the launch of the updated Terra 2.0, a user under the nickname Mirroruser informed the community about an exploit he had discovered, potentially threatening the restart of the entire project.According to his observations, a targeted attack is being carried out against the Terra's Mirror protocol and the attacker has already stolen assets worth about $2 million.
Probably due to the irrelevant price of the uluna oracle, the mBTC, mETH, and mDOT pools are merged.All other pools will be depleted as soon as the new oracle prices are available," Mirroruser wrote.
Mirroruser attached a list of addresses and transactions to his message.
On May 30, supplementing Mirroruser's post, a regular member of the Terra community under the nickname FatMan said in a tweet that the Mirror Protocol issue was identified seven months ago, in October 2021, but neither Mirror Protocol nor Terraform Labs responded to it.FatMan explained to the project participants the potential danger of the ongoing events.In his understanding , the problem is that in the current price oracle, Terra is stillthere is an error that tells the system that "LUNC is standingabout 5 UST, even though it's actually cheaper than a microcent."Therefore, "for $1,000 in LUNC, an attacker can obtain $1.3 million in collateral and steal real assets, for example, by taking out a loan."
FatMan warned that as soon as full-fledged market trading of Terra assets opens, the situation will deteriorate significantly , and an attacker or a group of attackers will try to drain all the assets in the pools.
"At the moment, the mBTC, mETH, mDOT, and mGLXY pools are depleted.After about 12 hours, the market tape will turn on, and the attacker will be able toempty all mAsset pools (such as mSPY and mAAPL, mAMZN, etc.)e.)," FatMan tweeted .
The concerns of Mirroruser and FatMan were shared by another member of the community, a specialist He wrote that "most validators don#TerraClassic #LUNC usean outdated version of the price oracle, publishes outdated prices and needs to be updated as soon as possible."
The Mirror Protocol and Terraform Labs teams have not officially responded to the incoming warnings.However, as FatMan learned, the crisis was averted at the very last moment: on May 31, the Mirror disabled the use of mBTC, mETH, mGLXY and mDOT as collateral.
It is not known how much may have been stolen from the attack, but a new strikeIn terms of reputation, Terra could be the last straw that destroys the very idea of the Terra 2.0 project.
</p>On May 30, it became known that the South Korean prosecutor's office had called for testimony all the executives and employees of the Terraform Labs cryptocurrency platform behind the Terra project.
</p>Read this:
The hacker withdrew $90 million from the Mirror protocol. This was discovered seven months later.
Analyst Suspects Do Kwon of Mirror Protocol Fraud
Developers Postponed Terra 2.0 Launch, Community Approves Burning 1.3 Billion UST
Symbiosis Introduces Tool to Automatically Deposit Liquidity to DeFi Protocol Pools
The developers launched the main network of the Terra 2.0 project
Singapore Police and SEC Launch Terra LUNA Investigation