How Was Terraport Finance Hacked?

2 min read

Learn how Terraport Finance was hacked, resulting in the loss of approximately $3.9 million.

TL;DR#

On April 10, 2023, Terraport Finance was hacked, resulting in the loss of approximately 15 billion $LUNC tokens, 9.7 million $TERRA tokens, and 5.5 million $USTC tokens, totaling approximately $3.9 million.

Introduction to Terraport Finance#

Terraport Finance is a DeFi platform on Terra Classic Network.

Vulnerability Assessment#

The root cause of the exploit is unknown at the moment; however, the team stated that the `breach was detected` in the Terraport Liquidity wallet.

Steps#

Step 1:

In the first attack transaction, the attacker drained approximately 9,148,426 $TERRA tokens worth approximately $1.18 million, and 15.1 billion $LUNC tokens, worth $1.88 million.

Step 2:

In the second attack transaction, the attacker drained approximately 576,736 $TERRA tokens worth approximately $115K, and 5,487,381 USTC tokens, worth $117K, totaling approximately $3.9 million worth of stolen funds.

Aftermath#

Changpeng Zhao, CEO of Binance, confirmed that their team reviewed the hacked transactions and discovered that no funds from the hack were deposited into Binance. However, the hacked funds were transferred into KuCoin and MEXC.

According to the CEO of KuCoin, the team has been taking actions to protect the users and will continue to keep a close eye on the movement of the funds.

After the hack, one member of the Terra Classic community pointed out that he had earlier called upon the unaudited code base of the protocol, but his defenses were rebuffed. LUNC DAO, a prominent Terra Classic validator, reveals that the protocol could possibly be yet another instance of a rug-pull by the team.

Following the occurrence of the incident, the team posted on Twitter that they are investigating the breach and that efforts have been made to secure the protocol. They further mentioned that they are working with community members and major exchanges to secure as many of the hacked funds as possible and blacklist the wallets in scope of the exploit.

Solution#

Users and investors must always look into the credibility of a DeFi project and its team before making any decisions about whether or not to invest in it. Many projects of similar nature also offer extremely high returns or promise unrealistic profits. We should always be cautious about all such projects and avoid the possibility of being looted in the future.

Reference Source Hacken

By

Tags