Inside Job? Wallet That Caused the UST Attack Suspected to Belong to Terraform Labs (Report)

Inside Job Wallet That Caused the UST Attack Suspected to Belong to Terraform Labs (Report)-featured

An investigation of the TerraformUSD and LUNA fiasco from last month shows that it could have been an inside job.

The two native digital assets created by Terraform Labs last month quickly depreciated, leaving only a failed restarting project. This attracted the attention of the whole cryptocurrency world. However, a recent analysis by the security firm Uppsala Security revealed that Terra itself is connected to and managing the wallet that was used in the hack.

  • Last month, Terra’s algorithmic stablecoin (UST), which was meant to be redeemable 1:1 with dollars, lost its peg and became arbitrage-profitable versus LUNA. The values of both assets fell to pennies in a couple of days, which sparked panic and sell-off throughout the market.
  • Regarding wlly happened, more information is coming to light. Recent investigations have been begun by the US and South Korea, and various watchdogs have detailed plans to include restrictions on the sector and stablecoins in particular.
  • The initial phase of Uppsala Security’s research reveals one address that has been linked to the initial run against UST and its de-pegging.
  • It was given the name “Wallet A” by the business, which concluded that it may be “owned or managed by Terraform Labs (TFL) or Luna Foundation Guard (LFG) themselves, or their linked parties.”
  • The inquiry revealed several accounts that were somehow connected to what happened, some of which were registered on Binance and Coinbase, showing in they exchanged UST, USDC, and USDT.
  • A “wallet affiliated with TFL took about the 150m of UST liquidity from Curve pool” was the initial action that caused the de-pegging. Later, Wallet A exchanged USDC for 85 million of the algorithmic stablecoin in the same Curve pool before sending the new cash to a Coinbase user account. This transaction is difficult to trace without the exchange disclosing user data.
  • Instead, according to Uppsala Security’s research, Wallet A’s Ethereum main net money originated from the Terra mainnet through the Wormhole. “terra1yl” (Wallet A(T)) was the name of the associated wallet on Terra.
  • Memo: 104721486 was being used to identify the precise Binance account into which Wallet A(T) was depositing UST. By May 25, it had acquired about 124 million UST since it began accepting UST earlier this year, the majority of which came from Wallet A. (T).

“On 2022-05-07 alone, the day the de-pegging of UST started, Wallet A(T) deposited a total of 108,251,326 UST into Memo: 104721486. Up until 2022-05-07 21:44 UTC, when TFL initially pulled 150m of UST liquidity from Curve pool, a total of 10 incoming transactions were made into Memo: 104721486, raising the likelihood that Wallet A(T) and Memo: 104721486 may have been aware of the impending UST liquidity withdrawal“.

  • Due to a tweet from the team, the initial address that sent UST to Memo: 104721486 was recognized as a wallet managed by LUNC DAO. This account (terra13s) had previously sent 19 million luna to another address (terra17p), which in turn had sent 100 million luna to another address (terra1gr), a validated LFG wallet.
  • Terra13s and Terra1t0 were the initial and early depositors in another user wallet on Binance (Memo: 100055002), which had received 2,665,579,215 UST up to May. The relationship between all addresses is more clearly depicted in the second image. Kim Hyung-woo, CEO of Uppsala Security, commented on the results.

“It was determined via the analysis of different on-chain data concerning the Terra event that Terraform Labs and associated businesses were in charge of both Wallet A and the wallet it was connected to. There is a need for authorities to look at linked exchanges like Binance, as it looks to be“.

Leave a Comment