A major security breach has impacted the Terra blockchain, leading to the unauthorized access and theft of around $5 million worth of various cryptocurrencies. The stolen assets consist of approximately 60 million ASTRO tokens, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. Beosin, a smart contract audit firm, disclosed the details of the breach in a public statement on X, confirming the exploitation of the Terra blockchain for the aforementioned digital assets.
Hacking and Outage on Terra Blockchain
Security researcher Rarma (@Rarma_) confirmed on X that the exploit has been identified as the IBC hooks exploit from April. By deploying a malicious CosmWasm contract and using it via IBC interactions, an attacker was able to repeatedly trigger MsgTimeout from within the IBC hook’s OnTimeout callback before the packet commitment was deleted.
This vulnerability could allow recursive execution of the OnTimeout callback’s logic within the transfer application on chains that utilize ibc-hooks to incorporate ICS-20. As a result, funds could be lost from the escrow account or tokens could be minted unexpectedly.
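The ordering problem described above can be shown with a toy model, added here as an illustration; it is not ibc-go, ibc-hooks or Terra code. The `Chain` type, `Timeout`, `Simulate`, the amounts and the `deleteFirst` switch are all assumptions, and the hardened ordering is the general "update state before calling untrusted code" pattern, not a description of the actual patch.

```go
package main

import "fmt"

// Toy model, constructed for illustration; not ibc-go or ibc-hooks code.
type Chain struct {
	commitments map[uint64]bool // outstanding packet commitments by sequence
	escrow      int64           // tokens escrowed for in-flight transfers
	refunded    int64           // total paid back to the sender on timeout
	deleteFirst bool            // hardened ordering: clear commitment before callback
}

var ErrNoCommitment = fmt.Errorf("no packet commitment: timeout already handled")

// Timeout models MsgTimeout handling; hook stands in for the contract
// callback that runs inside OnTimeout (hypothetical names throughout).
func (c *Chain) Timeout(seq uint64, amount int64, hook func()) error {
	if !c.commitments[seq] {
		return ErrNoCommitment // replay or re-entry is rejected here
	}
	if c.deleteFirst {
		delete(c.commitments, seq) // state change before untrusted code runs
	}
	c.escrow -= amount // refund the timed-out transfer from escrow
	c.refunded += amount
	hook()                     // untrusted contract code; may submit another timeout
	delete(c.commitments, seq) // weak ordering: commitment only cleared here
	return nil
}

// Simulate runs one timeout whose callback re-enters up to `reentries` times.
func Simulate(deleteFirst bool, reentries int) (refunded, escrow int64) {
	c := &Chain{commitments: map[uint64]bool{1: true}, escrow: 100, deleteFirst: deleteFirst}
	depth := 0
	var hook func()
	hook = func() {
		if depth < reentries {
			depth++
			_ = c.Timeout(1, 100, hook) // same packet, nested call
		}
	}
	_ = c.Timeout(1, 100, hook)
	return c.refunded, c.escrow
}

func main() {
	fmt.Println(Simulate(false, 2)) // weak ordering: refund paid three times
	fmt.Println(Simulate(true, 2))  // hardened ordering: refund paid once
}
```

In the weak ordering, the model's escrow balance goes negative, which corresponds to the escrow loss or unexpected minting the advisory text warns about.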
The security flaw, which has been known since April but not yet fixed, enabled the attacker to manipulate the IBC transfer process, creating tokens on Terra using the exploited method and then moving them off the platform. “Terra remains unpatched, allowing the exploit to take place. The attacker was able to create tokens that had been IBC transferred to Terra by leveraging a contract, IBC call (with IBC hooks), and a timeout. 3.5 Million axlUSDC, 500k USDT, 2.7BTC, 60m ASTRO tokens. Terra and Neutron IBC relayer need to stop,” Rarma stated.
The researcher went on to explain that “the IBC’d Assets were ‘re-minted’ with this exploit into the hacker’s wallet. They then IBC Transferred them OUT. The ‘minted’ tokens were ‘burnt’ on the way out. So, from a Chain, IBC and Relayer perspective, the exploited amounts of these tokens technically don’t exist on Terra anymore. The TVL for these tokens is completely fake.”
It is worth noting that the hacker has already moved his stolen assets, not through Cosmos, but by bringing them back to Ethereum and exchanging them for Ether (ETH).
In light of the recent security breach, the development team swiftly intervened by pausing the blockchain to avert any further exploitation. The community was promptly informed with detailed communication: “Please note that the chain will be temporarily halted at block height 11430400, and no transactions will be processed during this period. We are collaborating with the validators on Terra (phoenix-1) to implement an emergency patch to address a suspected exploit.”
Roughly four hours following the suspension, the development team successfully rolled out an emergency patch aimed at fixing the identified vulnerability and strengthening the blockchain’s security measures. This update was essential for restoring normal operations: “The Terra chain has resumed block production at approximately 4:19 AM UTC today, and the emergency chain upgrade has been finalized. Transactions are now being processed, allowing users to return to their regular activities. Validators representing over 67% of the voting power on Terra have upgraded their nodes to mitigate the risk of a similar exploit occurring again, with additional validators expected to follow suit shortly.”
Kristin Steinbeck
Editor, CryptoCaster
© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.