More bad news for Terra as fresh allegations emerge about Mirror Protocol More bad news for Terra as fresh allegations emerge about Mirror Protocol

More bad news for Terra as fresh allegations emerge about Mirror Protocol

Mirror Protocol devs allegedly covered up a major exploit that led to the siphoning of tens of millions of dollars.

More bad news for Terra as fresh allegations emerge about Mirror Protocol

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

@FatManTerra is back with fresh allegations about Terra’s synthetic assets protocol Mirror. Specifically, an exploit related to Mirror’s lock contract.

Since the Terra fiasco blew up earlier in May, @FatManTerra has been lifting the lid on the inner workings of the Terra ecosystem. The revelations paint a picture of suspicious goings-on.

The latest allegations further suggest that Terra users have been on the raw end of the deal for a lot longer than previously assumed.

Mirror Protocol under the spotlight

Details shared via social media on May 26 alleged that Mirror Protocol might not be as decentralized as it claims

@FatManTerra tweeted details of an investigation into Mirror’s whale wallets, which he suspects are actively trying to conceal their influence by spreading MIR tokens across burner wallets.

“I have found evidence that this wallet and related wallets try very hard to make it look like MIR governance is not majority-controlled by a single entity – they do so by splitting up MIR between several fresh anonymous wallets.”

One of these wallets is linked to Terraform Labs CEO Do Kwon via a Decentralized Autonomous Organization (DAO), on which he is an advisor.

Tying all of this together, @FatManTerra suggests this may point to senior figures within the Terra hierarchy manipulating governance and profiting as a result.

Fresh allegations

@FatManTerra also tweeted details of an exploit on the Mirror Protocol that was plugged roughly 18 days ago, which coincided with the time UST lost its peg.

The bug in question relates to the Mirror lock contract. Under normal circumstances, users lock their collateral, and after a 14-day holding period, they can use an unlock function to release the collateral.

Until the UST implosion, the code which governed the unlock function did not have a duplicate check. Meaning an attacker could repeatedly release funds after the 14-day lock-in period.

What’s more, @FatManTerra alleged that Mirror Protocol patched the bug without informing the Mirror community that it even existed.

Further investigations show attackers have exploited the bug hundreds of times since October 2021.

Suspicions were further set off when one of the wallets involved timed a UST dump just before the suspension of the Terra pegging mechanism.

A community investigator under the username PF92 said at least 88 million UST was stolen through this vulnerability.

@FatManTerra signed off the tweetstorm by saying he doesn’t know who is responsible but will continue investigating.

Mentioned in this article
Posted In: , Rumors