The wallet being referred to as an ‘attacker’ for creating a transaction that killed the algorithm-based stablecoin project Terra is actually a Terraform Labs wallet managed by Kwon Do-hyung.
This means that the internal acts, not external attacks, caused the Terra collapse, which cost investors tens of trillions of won. The prosecution, which is investigating the Terra event, has also confirmed this issue and is looking into it.
Who is behind the ‘attacker’ wallet?
For approximately a month after the Terra project collapsed on May 7th, blockchain security firm Uppsala Security and CoinDesk Korea have been examining the cause of the failure using on-chain data forensic tools.
Uppsala Security and CoinDesk Korea dug deep into the transaction history of the wallet (0x8d47f08ebc5554504742f547eb721a43d4947d0a), which has been identified as an attacker wallet by a number of research firms around the world. (This wallet is referred to as ‘Wallet A’ for convenience.)
Wallet A, a blockchain-based wallet, was formed at 4:32 p.m. on May 7th, according to Coordinated Universal Time (UTC). The first defegging of the UST, which was supposed to be tied to the US dollar, failed on the same day.
Around 9:44 p.m. on the same day, Terraform Labs withdrew over 150 million USTs (roughly $150 million) from the DeFi service curve, ensuring the Terra blockchain’s liquidity. According to CEO Kwon Do-hyeong,
“The reason for subtracting the UST worth 150 million dollars from the curve is to provide a more stable UST liquidity.”
Around 9:57 p.m. on the same day, Wallet A entered the curve and swapped 85 million UST for USDC, another stable coin. Wallet A generated a large-scale UST transaction just 13 minutes after Terraform Labs briefly withdrew UST liquidity from the curve.
Wallet A sent USDC to Coinbase, the largest virtual asset exchange in North America, after exchanging UST. A substantial amount of UST was put into numerous exchanges throughout the world before and after this transaction, hastening and eventually resulting in a bank run. As a result, Wallet A has been identified as the attacker’s wallet by a number of blockchain analysis firms around the world.