In a new exploit, over $2 million was stolen from Terra’s Mirror Protocol.

Published on:

Not long after, another DeFi exploit drained over $2 million in cryptocurrency from a protocol on Terra Classic, which had previously collapsed. The hackers might have stolen far more money if the developers hadn’t fixed it promptly.

On Monday, the governance participant “Mirroruser” of the Terra Research Forum was the first to discover the bug. He observed that the assault depleted all of the pools leading to Bitcoin, Ethereum, and Polkadot.

An oracle bug was corrupting Mirror’s ability to read LUNC’s value as $5, according to FatMan on Twitter.

The currency – formerly known as LUNA – has suffered from hyperinflation this month, causing its value to plummet. The value of one bitcoin has plummeted from $100 to less than a penny.

The oracle mispricing, according to a Chainlink Community member, was caused by validators using older oracle software.

They were reporting an outdated price for the new LUNA instead of the former, devalued LUNC.

Users may use LUNA as collateral to borrow more money from the protocol than is allowed due to the mispricing.

Fortunately, the bug was discovered ahead of time, allowing for the remaining funds to be kept. There was, however, over $2 million in funds lost as a result of “astonishing negligence,” according to FatMan.