India freezes digital assets WazirX, linked with Binance The developers of Shiba Inu have announced a new mobile game Binance received a subpoena over Elon Musk's refusal to buy Twitter The New York authorities fined the crypto platform Robinhood for $30 million North Korean hackers forge CVs to join U.S. crypto companies A new unknown investor bought bitcoins for $3 billion Binance employee claims loss of 90% of customers and billion dollars in revenue MetaMask users face a phishing attack Unknown hacked almost 8 thousands crypto wallets on Solana

The $90 million Terra hack came to light seven months later

The $90 million Terra hack came to light seven months later

In October 2021, the Mirror Protocol app running on the Terra Classic platform fell victim to intruders. The theft was only detected in mid-May.

According to BlockSec, the weird transaction was noticed by a member of the Terra community. Well known online as FatMan, the user has been one of the most ardent opponents of the recent launch of the new Terra blockchain.

Unknown users found a bug in Mirror Protocol software and used it to withdraw about $90 million. To trade shares in the app, users had to unlock a previously deposited pledge amount using an identifier generated by a smart contract. Because of a bug in the application code, Mirror checked the identifier only once but did not do it when someone used it repeatedly.

In October 2021, attackers noticed that they could use a list of recurring identifiers to repeatedly unlock pledge amounts, a bug they took advantage of.

BlockSec believes the hack probably left unnoticed because a small number of users scanned Terra for problems compared to Ethereum and Ethereum-compatible chains. Moreover, the Mirror Protocol website lacked an interface to check the total pledge amount in the protocol, making it much more difficult to detect the vulnerability.

Subscribe to our Telegram channel for the most relevant, interesting, and informative news from the crypto industry.

Is there an error in the article?
To report