According to Mirror, the attacker launched a public poll on Mirror’s official website, which proposes a freeze on the community pool in case of a scam.
— Mirror Polls (@mirror_polls) December 25, 2021
According to Poll ID: 211, named “Freeze the community pool in case of scam”, the scammer proposes an upgrade of safer community governance rules in case of a hack. If the hacker manages to get a positive majority on the poll, 25 million MIR tokens (worth $24.1 million at the time of writing) will be sent to the hacker’s address.
As evidenced by the above screenshot, Mirror’s proactive approach to warn the community has seen a sizable increase in the number of ‘No’ votes — confirming the security of the funds. According to WuBlockchain, the attacker initiated Proposal 185, disguised as a request for cooperation with Solana, effectively trying to defraud 25 million MIR tokens from the community fund pool.