Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Mirror Protocol, a decentralized finance app on the old Terra blockchain, has reportedly suffered yet another exploit. The governance participant âMirroruserâ on Terra Research Forum was the one who discovered the bug on May 30.
The Exploit
Popular Terra analyst and whistleblower âFatManâ also confirmed the attack shortly thereafter and revealed that if the vulnerability remained untreated, it would put all of its pools for tokenized assets at risk. After hours of delay, the devs finally stepped up and averted the crisis.
It all started with a bug in the pricing oracle for Terra Classic validators that enabled the exploit. For the uninitiated, the Mirror Protocol essentially enables users to create and trade mirrored assets, also known as mAssets, that âmirrorâ or are closely tied to the price of stocks, as the name suggests.
The DeFi app has its native versions for Bitcoin â mBTC, Ethereum â mETH, Polkadot -mDOT, etc., which closely mirror the price moves of the underlying assets. In addition to these pools, buggy oracle enabled the attacker to drain the pool for the token representing Galaxy Digital stock â mGLXY â as well.
The Save
The âroot cause,â as explained by Chainlink community ambassador âChainLinkGod,â was that the validators of the old Terra blockchain (now called the Terra Classic) were running an outdated version of the oracle software that published erroneous pricing. The Terra Classic validators were reporting the price of the new LUNA instead of the old LUNC.
In the nick of time, the devs fixed the issue with the LUNC price feed. Mirror Protocol then disabled the usage of mBTC, mETH, mGLXY, and mDOT as collateral which incapacitated the attacker from using the ill-gotten funds to drain the rest of the pools.
While a few in the community speculated if the entire event was an insider job, FatMan believes otherwise. His tweet regarding the same read,
âIt really just looks like negligence of the highest order, but given whatâs transpired this month, you canât really put anything past them. I see no reason/evidence to believe this is an inside job at this stage. Itâs basically a game of who has the fastest bot.â
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.