According to a report by the team at Nansen, on-chain data studied between May 7th and May 11th revealed that the seven well-funded wallets first withdrew UST from the Anchor protocol on Terra. The funds were then bridged to Ethereum via Wormhole to be swapped for other stablecoins in Curve’s liquidity pools. The latter protocol was undergoing a lack of liquidity concurrently, and the swaps to other stablecoins triggered the UST depegging process.
As UST started losing its peg, the seven wallets went on to exploit arbitraging inefficiencies between Curve, Decentralized exchanges, and centralized exchanges. Concerning centralized exchanges, entities behind the seven wallets preferred to use Binance to offload their UST.
More on the Seven Terra Wallets that Moved Millions in UST
The report by Nansen further identified the seven wallets as follows:
0x8d47f08ebc5554504742f547eb721a43d4947d0a (EIP 1559 User) – with a notable transaction of 85 million UST bridged to Ethereum on May 7th then swapped on Curve for around 84.5 million USDC.
0x4b5e60cb1cd6c5e67af5e6cf63229d1614bb781c (Celsius) – which bridged 175 million UST out of Terra to Ethereum on May 7th. It then sent 125 million UST to Curve, which was then swapped to USDC in batches of 25 million.
0x1df8ea15bb725e110118f031e8e71b91abaa2a06 (hs0327.eth) – On May 8th, the wallet bridged 20 million UST to Ethereum.
0xeb5425e650b04e49e5e8b62fbf1c3f60df01f232 (Heavy Dex Trader) – this wallet received around 10.5 million UST on May 8th which were then swapped for USDC on Curve.
0x41339d9825963515e5705df8d3b0ea98105ebb1c (Smart LP: 0x413) – which bridged 20 million UST on May 8th which was then swapped for USDC on Curve.
0x68963dc7c28a36fcacb0b39ac2d807b0329b9c69 (Token Millionaire / Heavy Dex Trader) – which transacted around 30 million UST, swapping it for USDC on Curve on May 8th.
0x9f705ff1da72ed334f0e80f90aae5644f5cd7784 (Token Millionaire) – which made many transactions between May 8th and 9th bridging a total of 60 million UST to Ethereum.
Malicious Actors did Not cause the UST Depeg Event
In its concluding remarks, the report by Nansen stated that the UST depegging event could not be linked to a malicious attacker or group. It said:
This on-chain study refutes the narrative of one “attacker” or “hacker” working to destabilize UST.
Instead, we found that a small number of players identified and arbitraged vulnerabilities – specifically in relation to the shallow liquidity of the Curve pools securing the UST’s peg to the other stablecoins.