Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Terra research forum member FatMan tweeted that the Mirror Protocol, a synthetic asset protocol developed by Terraform Labs, has a longstanding vulnerability. Since October 2021, attackers have exploited this vulnerability for multiple attacks within a period of 7 months, and the highest single profit exceeded $4 million ($4.3 million using $10,000), none of which was recovered by Terraform Labs Or the Mirror team found out. By the time the bug was fixed, the attacker's total profit from exploiting the bug could have exceeded $30 million. FatMan said the bug was discovered and questioned by Mirror forum members 11 days ago and has since been fixed, but the Mirror team has not made any statement on the matter. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 90,000,000.
- chain
- —
- protocol
- Mirror Protocol
- bug_class
- logic
- date_occurred
- 2022-05-28
- loss_usd
- $90,000,000
- source_id
- sm:mirror-protocol::2022-05-28