You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Two coffees later, as I was about to give up, I found this. Hold on... What's going on here? A single transaction from October 2021 unlocking one position over and over again - and it actually executed. Here's the transaction: https://finder.terra.money/mainnet/tx/08DD2B70F6C2335D966342C20C1E495FD7A8872310B80BAF3450B942F79EBC1F … (9/12)pic.twitter.com/lklZHIYQqV
The lock contract didn't check that the funds were sent from the mint contract, so the attacker opened a position with $10 in collateral (!) and send $10k directly to the lock contract. They could then loop-unlock others' collateral over and over again from the contract. (10/12)
In one transaction, the attacker turned $10,000 into $4,300,000. This was actually done several times, generating a total of well over $30m. All of this went completely unnoticed by TFL and the Mirror team & community. This is the first time this attack has been revealed. (11/12)
And that's how with a little bit of luck and a lot of research, I found out about one of the greatest yet most simple smart contract exploits in blockchain history that went under the radar for almost a year. Who did this? I have no idea, but I'll try to find out. (12/12)
PS. They tried hard to obfuscate their cashouts on Ethereum, but we're looking for them, and I hope we find them eventually. My team of researchers and I are hard at work - you can hide IRL, but the blockchain never forgets.pic.twitter.com/RHpE5u4hn2
Afterthought: I just realized that the attacker siphoning out tens of millions over the year is probably why @ApertureFinance users and Mirror shorters couldn't withdraw the other day - there was no new 'bug' - the Mirror developer team really should have disclosed this...
Two days on, I'd like to correct some claims going around: - I don't believe this was an inside job. No compelling evidence of that yet. - I'm not a 'genius' and I didn't find this all by myself. Story embellished for narrative; the credit goes to my amazing anon research team.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
What if I told you that Mirror Protocol, up until 18 days ago, was susceptible to the one of the most profitable exploits of all time, allowing an attacker to generate $4.3m from $10k in a single transaction? Here's how I discovered this - by pure serendipity. 
