Surprisingly, Mirror, a decentralised finance (DeFi) protocol on the Terra blockchain, suffered a $90 million hack in October 2021 that went completely undiscovered until last week.
A Terra analyst who goes by the profile name “FatmanTerra” has brought awareness to the six-month-old exploit.
Furthermore, blockchain security firm BlockSec confirmed Fatman’s claim about the DeFi exploit by assessing the transaction details.
The attack was possible because of a bug in the smart contract. Mirror Protocol enables users to hold short and long positions on tech stocks through synthetic assets.
To hold stock on Mirror, users had to provide collateral in digital assets including UST, LUNA Classic (LUNC), and mAssets. The collateral was locked for a minimum of 14 days.
At the end of the trade, users could withdraw their collateral back to their wallets. These transactions required ID numbers generated by the smart contract.
Unfortunately, due to a bug in the code, the smart contract could not detect when someone reused the same ID to withdraw funds. One opportunist found this weakness in October and discovered that he could use many duplicate IDs to free more collateral than he had locked.
In short, the bug handed the perpetrator direct access to the liquidity pool. The perpetrator drained about $90 million from the protocol.
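The missing check described above, shown as an added example that is not Mirror's own code: a simplified model of a collateral lock in which the flawed unlock pays out once per listed ID, next to a hardened version that rejects repeated IDs before touching any state. The `Lock` type, its methods, and the assumption that IDs arrive as a list in a single request are hypothetical.

```rust
use std::collections::{HashMap, HashSet};

// Simplified, constructed model of a collateral lock contract.
pub struct Lock {
    positions: HashMap<u64, u128>, // position ID -> locked collateral
    pool: u128,                    // all funds held by the contract
}

impl Lock {
    pub fn new(positions: &[(u64, u128)], pool: u128) -> Self {
        Lock { positions: positions.iter().cloned().collect(), pool }
    }

    // Flawed: adds up the amount for every ID in the request before clearing
    // any of them, so an ID listed N times is paid out N times.
    pub fn unlock_flawed(&mut self, ids: &[u64]) -> u128 {
        let total: u128 = ids.iter().filter_map(|id| self.positions.get(id)).sum();
        self.positions.retain(|id, _| !ids.contains(id));
        let paid = total.min(self.pool);
        self.pool -= paid;
        paid
    }

    // Hardened: validates the whole request before changing any state and
    // rejects it if an ID repeats, is unknown, or the pool cannot cover it.
    pub fn unlock_checked(&mut self, ids: &[u64]) -> Result<u128, String> {
        let mut seen = HashSet::new();
        let mut total = 0u128;
        for id in ids {
            if !seen.insert(*id) {
                return Err(format!("duplicate position id {}", id));
            }
            total += *self.positions.get(id)
                .ok_or_else(|| format!("unknown position id {}", id))?;
        }
        if total > self.pool {
            return Err("pool cannot cover withdrawal".to_string());
        }
        self.positions.retain(|id, _| !ids.contains(id));
        self.pool -= total;
        Ok(total)
    }
}

fn main() {
    // Constructed sample: one position holding 100 units in a pool of 1000.
    println!("{}", Lock::new(&[(1, 100)], 1_000).unlock_flawed(&[1, 1, 1]));
    println!("{:?}", Lock::new(&[(1, 100)], 1_000).unlock_checked(&[1, 1, 1]));
}
```

In the flawed path the pool balance drops by more than was ever locked under that ID, which is also the invariant a monitoring job can check: total paid out per ID must never exceed the amount locked under it.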
BlockSec affirmed that the issue went unnoticed because fewer analysts scan the Terra chain than Ethereum and Ethereum-compatible chains.
Apart from this, the Mirror Protocol website offered no user interface for viewing the total amount of collateral in the protocol. Because of this, a giant vulnerability in the protocol went unnoticed.