Terra sleuth FatMan wrote on Twitter on May 30, "So far, the mBTC, mETH, mDOT and mGLXY pools have been drained. In around 12 hours, the market feed will kick in, and the attacker will be able to drain all of the mAsset pools (such as mSPY and mAAPL, mAMZN, etc.)". He begged Mirror developers to fix the oracle, writing that they are "completely MIA".
The trader later confirmed on Twitter that it was their mistake rather than an account compromise or some other hack: "Yep, was a fat finger. Was trying to list at 105. Never thought it'd happen to me. Devastating."
Meanwhile, the NFT's new owner has it listed for sale for 110 ETH (about $219,000), which will net them a tidy profit if they find a buyer.
The price of the new $LUNA token has been volatile on its first day, starting at around $17 and later valued around $5.70. This would make the attacker's holdings of airdropped tokens worth around $12.1 million, assuming they could find liquidity to cash out.
The project creators claimed it was a hack, and stuck around to try to keep the hope alive. They claimed on Telegram that for some reason they couldn't access the project Twitter account, and so couldn't inform their community of the hack. They also began rallying their community around hopes for a project relaunch. Meanwhile, they announced a "CHAT MUTE UNTIL TOMORROW TO AVOID FUD" — as any reputable, not-rug-pulled project would do, I'm sure.
According to BleepingComputer, only about $1,700 in deposits appeared to have gone to addresses associated with the scam, although they acknowledged that the addresses are likely rotated and so the true amount may be larger.
Someone brought the scam to Musk's attention on Twitter, where he replied, "Yikes. Def not me." The YouTube channel hosting the videos was taken down shortly after.
Bitso is a major Latin American exchange, with mor than four million users across Mexico, Argentina, Colombia, and Brazil.
Researcher discovers vulnerability in the Terra Mirror Protocol that allowed attackers to siphon tens of millions from the project
FatMan discovered one instance where a person deposited $10,000 and later withdrew $4.3 million. According to FatMan, they found repeated exploits of this type that earned attackers "well over $30 million". Another researcher on Terra forums estimated about $88 million had been exfiltrated from the project in this way, over the many months the bug went undiscovered and unpatched by Mirror developers.
Blockchain timekeeping is also selling point of Solana, which talks up its "proof of history" algorithm in a blog post where Solana Labs co-founder Anatoly Yakovenko says, "our clocks never drift".
Terra decides to release "Terra 2.0", because apparently the way to fix a crypto catastrophe is with more crypto
Billy Markus, one of the original creators of the Dogecoin cryptocurrency (both of whom have since left the project), tweeted, "luna 2.0 will show the world just how truly dumb crypto gamblers really are".
The highly exclusive group of NFT collectors known as Proof Collective, of which this trader was a member, was reportedly preparing a report for the FBI and police. Because the attacker used an exchange that requires KYC there may be some possibility that their identity could be traced, although falsified KYC is also increasingly common.