DeFi platform Mirror Protocol succumbed to over $2 million exploit due to a bug in the LUNC pricing oracle as revealed by Twitter user FatMan, quoting “the attack will get worse when markets open tomorrow unless the dev team steps in and fixes the price oracle.”
Another crypto enthusiast alleged that the majority of the TerraClassic validators are running an outdated version of the pricing mechanism.
One user ChainlinkGod highlighted that Terra Classic node operators were misquoting the actual price of the new Terra 2.0 token.
According to FatMan, the exploit could be spotted in liquidity pools mirroring Bitcoin, Ethereum, Polkadot, and Galaxy digital stocks within the protocol.
Interestingly he was the same user who in the past uncovered $90 million drainages in Mirror protocol last week that mysteriously went unnoticed in Oct 2021.
The Mirror Protocol is a decentralized finance [DeFi] platform that enables users to create and trade “mirrored assets,” or mAssets, that “mirror” the price of stocks – including major stocks traded on U.S. exchanges.
The incident led Mirror to disable the usage of BTC, ETH, GLXY, and DOT as collateral, thus preventing the attacker to drain the rest of the pools.
At the time of writing, Mirror Protocol has not yet made any official comment on the matter.
Mirror Protocol is a farce model?
FatMan also dropped a bombshell calling Do Kwon a fraud who sell MIR Tokens secretly.
The user recognized a wallet via Etherscan, which deployed the Mirror Protocol to yield smart farming contracts. The wallet generated a smart contract which FatMan thinks is somehow linked to the Terra wormhole framework and LP for Mirror Protocol.
He then went on to claim that the MP is a farce model aimed to make venture capitalists and Do Kwon more affluent while manipulating governance and conning retail.
The story is still unfolding and one has to wait and see if the allegations hold any truth.
Previously TronWeekly reported the DeFi protocol Inverse Finance [INV] $15.6 million suffered a hack in which the attacker exploited a vulnerability in a Keep3r price oracle which Inverse uses to track token prices.