DeFi Protocol ‘Mirror’ Exploited for dollar2 Million Due to Buggy Code
Categories: Crypto News US
DeFi Protocol ‘Mirror’ Exploited for dollar2 Million Due to Buggy Code
Terra-based DeFi app Mirror Protocol has suffered an estimated US$2 million exploit related to the recent rebrand of the original Terra blockchain as Terra Classic.
During the attack, the pools for mBTC, mETH, mDOT and mGLXY were virtually completely drained – and initially there were fears all asset pools could be drained, before developers belatedly patched the exploit.
What is Mirror Protocol?
Mirror Protocol is a DeFi app that allows for the creation of digital ‘mirrors’ of real-world assets, such as stocks and other cryptocurrencies, which closely track the price of the assets on which they’re based.
Mirror is built on the Terra Classic blockchain, but its assets are also available on other chains such as Ethereum and Binance Smart Chain.
Attacker Exploited Confusion Caused by New Terra Chain
The attack was initially discovered by a user of the Mirror Protocol forum known as Mirroruser and was shared on Twitter by Terra analyst FatManTerra.
FatManTerra explained the exploit was possible because many Terra Classic validators were running outdated software and reporting the price of the new Terra (LUNA), which at the time was valued at about US$9.80, rather than the price of the original Terra Classic (LUNC), valued at around US$0.0001. This discrepancy allowed the attacker(s) to acquire US$1.3 million of collateral, such as mBTC, for every US$1000 in LUNC they spent.
Fix Put in Place Before Trading Begins
However, this was narrowly avoided as the developers were able to fix the incorrect pricing information just before US markets opened. The devs also disabled the usage of mBTC, mETH, mDOT and mGLXY, meaning the attackers couldn’t use their ill-gotten assets to drain any other pools.This was the second major exploit of Mirror Protocol revealed this week. Just days ago, FatManTerra reported an attack that occurred on October 8, 2021 and went unnoticed for an astonishing seven months, resulting in the loss of more than US$88 million in assets.
The past month has been rough for DeFi, with the chaos surrounding the collapse of the Terra ecosystem causing large discrepancies across platforms in the price of Terra-based stablecoin UST, leading to significant losses for some DeFi apps such as Blizz Finance and Venus Protocol.
DeFi exploits have also become increasingly commonplace of late; just weeks ago, Fortress Lending was taken for an estimated US$3 million.