Over $90 million was stolen over seven months ago by attackers who found a weakness in the Mirror Protocol smart contract. This hack was discovered by mistake two days ago.
FatMan, a crypto enthusiast who is a member of the Terra community, posted a tweet regarding the identified issue. Representatives from BlockSec later validated the information.
According to the publicly available information, the scammers began withdrawing payments in October of last year. Using the Mirror Protocol, they might trade technology equities by going long or short with synthetic assets. At the same time, a particular quantity of bitcoin had to be blocked for two weeks using a combination of UST, LUNA, and assets.
Using the identity generated by the smart contract, the collateral could be withdrawn to the wallet when the transaction was completed. Unfortunately, due to a programming fault, it was possible to withdraw prohibited cash several times using the same identity. The con artists exploited this.
Unidentified Mirror Protocol users withdrew assets totaling $90 million. The hack went unnoticed because there was no active scanning of the Terra blockchain for problems. Also, the project did not have an interface that allows you to see the total amount of tokens in the pledge.