Terra’s Mirror Protocol Could Collapse Due to Latest Exploit

A2ZPad
2 min readMay 31, 2022

--

Terra’s Mirror Protocol is experiencing an attack, with the attacker draining over $2 million already. The exploit remains unpatched and could get much worse in the coming hours.

Terra’s Mirror Protocol is suffering a new attack as users are reporting that the attacker has drained multiple assets for over $2 million. Assets that have been drained include mBTC, mETH, mDOT, and mGLXY. The exploit was first discovered by MirrorUser.

FatMan, a member of the Terra Research Forum who offers analyses and updates on the Terra collapse that has been taking place over the past few weeks, explained how the attack works. His understanding of the situation is that the pricing oracle has a bug that tells the system that “LUNC is worth around 5 UST when it’s actually under a microcent.” Consequently, “for $1k in LUNC, an attacker can now load up on $1.3m in collateral but can pull out real assets by borrowing.”

FatMan also provided an example of the transaction. He expects the situation to worsen, and the market feed opens, which should happen in a few hours. The attacker could drain all of the assets in the pools, including those related to stocks like mAAPL and mAMZN.

The Mirror Protocol team has not commented on the matter, and FatMan is worried that this will only worsen the situation as time runs out to fix the exploit. He has asked both the development team and Do Kwon to fix the issues, saying that,

“Mirror will accrue irremediable bad debt, and the system will collapse in on itself. This is not the time to be negligent.”

Another user, Todd G, has also explained how to fix the issue — by updating the price oracle. Terra will have to fix the issue fast or risk their troubles worsening.

Terra in deep enough waters without Mirror exploit

FatMan appears to have given up hope, saying that “it looks like nothing will be done and the project will collapse tomorrow for sure.” He also says that there are other vectors too, and urges users to pull their money out.

This exploit could be the final nail in the coffin for Terra, which has seen a dramatic fall. The last thing it needed was an attack, which would kill off any hope that remains in the launch of Terra 2.0.

It is uncertain how much will be stolen with the attack, but whatever it is, the reputational hit will be massive. Terra’s employees and Do Kwon are facing investigations, and this incident will not make their case any easier.

--

--