Several pools have been drained as a result of the Mirror Protocol being hacked for more than $2 million. When pre-market stock trading begins this week, the attacker may be able to empty the remaining pools.
Mirror Protocol Exploited and Could be Drained in Hours.
Another vulnerability has been discovered in Mirror Protocol, a DeFi program built on the Terra blockchain. Over $2 million has been stolen so far, and if the bug isn’t fixed by 4:00 a.m. ET tomorrow, all of the company’s tokenized asset pools will be jeopardized.
The problem appears to be due to the oracle used by the protocol. The method a protocol collects data, including data from the real world, is through an oracle. The oracles in this situation retrieve information about the price of equities and various cryptocurrencies.
The problem, according to Todd Garrison, creator of Block Pane, which maintains validator nodes on several blockchains, is that most validators operating nodes on the Terra Classic chain are using an outdated version of the price oracle. As a result, instead of being valued a fraction of a cent, these nodes are notifying the Mirror Protocol that LUNC is worth 5 TerraUSD (UST) ($0.10).
“This is because a majority of the #TerraClassic #LUNC validators are running an outdated version of the price oracle! You can see who is publishing bad prices here terra.stake.id/#/ if they have a low missed-oracle vote count they need to update ASAP!!!” Todd Garrison said on Twitter.
The attack has been ongoing for the past few days, but because the stock market was closed for the weekend and Memorial Day in the United States, it hasn’t harmed the bulk of tokenized stocks. It was initially reported on the Mirror forum on May 29 by a member who goes by the nickname “Mirroruser.” They gave a number of addresses that were connected to the exploit.
FatManTerra, a member of the Terra community who spoke out against the manner the new Terra blockchain was deployed, believed that more than $2 million had been taken so far. He told The Block that he based his estimate on a variety of transactions, but that he has requested researchers to add up the total.
Last week, FatMan discovered a previous problem concerning Mirror Protocol, which was confirmed by security firm BlockSec. He discovered that the system was the victim of a $90 million hack near the end of last year, which went unreported for seven months.