Latest report stated that the Terra crash earlier in May was not caused by a single hostile party. Rather a total of seven wallets were flagged by Nansen researchers as they studied on-chain data from Terra to Ethereum. The report also concluded that the UST de-pegging was not carried out by hackers or attackers.
The Nansen report titled “Demystifying TerraUSD De-Peg” is an attempt at investigating the Terra crash. The report said that the attack was carried out by a group of seven well-funded wallets within the Terra ecosystem. The Namsen researchers studied on-chain data between 7 -11 May and traced the beginning to the Anchor protocol on Terra.
1/ What really happened to $UST?
After weeks of work from our team of researchers, here's an in-depth look at the $UST crisis that brought down the Terra ecosystem.
Make sure to retweet if you find it insightful too.
— Nansen🧭 (@nansen_ai) May 27, 2022
The seven wallets initially started withdrawing UST liquidity from Anchor. Then, they started to move the liquidity to Ethereum via Wormhole bridge and were later swapped for other stablecoins on Curve’s liquidity pools. Finally, arbitrage opportunities were created due to inefficiencies between Curve and several exchanges which led to the de-pegging of TerraUSD.
Following the ‘Seven’ trail
The wallets flagged by the report are as follows:
- 0x8d47f08ebc5554504742f547eb721a43d4947d0a (EIP 1559 User) – with a notable transaction of $85 million of UST bridged to Ethereum on 7 May then swapped on Curve for around $84.5 million of USDC.
- 0x4b5e60cb1cd6c5e67af5e6cf63229d1614bb781c (Celsius) – which bridged $175 million ofUST out of Terra to Ethereum on 7 May. It then sent $125 million of UST to Curve, which was then swapped to USDC in batches of $25 million.
- 0x1df8ea15bb725e110118f031e8e71b91abaa2a06 (hs0327.eth) – On 8 May, the wallet bridged $20 million of UST to Ethereum.
- 0xeb5425e650b04e49e5e8b62fbf1c3f60df01f232 (Heavy Dex Trader) – this wallet received around $10.5 million of UST on 8 May which were then swapped for USDC on Curve.
- 0x41339d9825963515e5705df8d3b0ea98105ebb1c (Smart LP: 0x413) – which bridged $20 million of UST on 8 May which was then swapped for USDC on Curve.
- 0x68963dc7c28a36fcacb0b39ac2d807b0329b9c69 (Token Millionaire / Heavy Dex Trader) – which transacted around $30 million of UST, swapping it for USDC on Curve on 8 May.
- 0x9f705ff1da72ed334f0e80f90aae5644f5cd7784 (Token Millionaire) – which made many transactions between 8 & 9 May bridging a total of $60 million of UST to Ethereum.
No hack, No attack
The report also concluded that a small number of “players” were able to figure out vulnerabilities leading to the crash:
“This on-chain study refutes the narrative of one “attacker” or “hacker” working to destabilize UST. Instead, we found that a small number of players identified and arbitraged vulnerabilities – specifically in relation to the shallow liquidity of the Curve pools securing the UST’s peg to the other stablecoins.”
This report should help security protocols on blockchains to prevent such loot from happening again. The vulnerabilities mentioned must be corrected in case of such attempts in the future.