Mirror Protocol is being exploited again as we speak, and the devs are completely MIA. So far, the attacker has drained over $2m and counting - the attack will get worse when markets open tomorrow unless the dev team steps in and fixes the price oracle. @mirror_protocol (1/4)
-
Show this thread
-
A bug in the pricing oracle is telling the system that LUNC is worth around 5 UST when it's actually under a microcent. For $1k in LUNC, an attacker can now load up on $1.3m in collateral but can pull out real assets by borrowing. Example tx: https://finder.terra.money/classic/tx/F830681D8FEACC4DA67E84D40C49F0FF805609F2BB5CCC39A0EFE66257F2D791 … (2/4)
21 replies 44 retweets 354 likesShow this thread -
So far, the mBTC, mETH, mDOT and mGLXY pools have been drained. In around 12 hours, the market feed will kick in, and the attacker will be able to drain all of the mAsset pools (such as mSPY and mAAPL, mAMZN, etc.) - most of the pools can still be saved. (3/4)
1 reply 27 retweets 308 likesShow this thread -
@stablekwon@mirror_protocol Please look into fixing the LUNC price oracle, because in a short while, all liquidity pools will be drained, Mirror will accrue irremediable bad debt, and the system will collapse in on itself. This is not the time to be negligent. (4/4)14 replies 41 retweets 386 likesShow this thread -
PS. Shout-out to Mirroruser (https://forum.mirror.finance/t/another-exploit/3511 …) who discovered the exploit, and a huge thank you to
@Die_Nub_Plz who helped me confirm and unpack the findings from the thread. This exploit is depressing (and almost comical), but we can still save people, so please act fast.6 replies 32 retweets 354 likesShow this thread -
PPS. This entire Mirror situation is a huge blow for me (and the crypto space in general), because personally, I truly believed that a decentralized stock market free of government control was one of the most powerful use cases for this technology. I hate to see it die like this.
32 replies 27 retweets 527 likesShow this thread -
Replying to @FatManTerra @Die_Nub_Plz
Fatman What makes you think this is not on purpose or an inside job?
1 reply 0 retweets 5 likes -
Replying to @MishGEA @Die_Nub_Plz
Primarily because anyone can do it, so it's a question of who's running the fastest script. I also don't see any ties to TFL wallets or anything.
3 replies 0 retweets 5 likes -
Replying to @FatManTerra @Die_Nub_Plz
Why can't the developers have the fastest scripts and let someone else do the dirty work. Is it common for developers to blindly step away and not notice such shenanigans? The answer is disconcerting no matter what the reason. I may be wrong but I smell collusion.
2 replies 1 retweet 3 likes
The Mirror team has somewhat disbanded but the radio silence is disconcerting. What you suggest is possible but I see no reason to assume that's the case
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.