The Terra blockchain suffered a security breach that resulted in the unauthorized access and theft of millions of tokens.
The exploit targeted a vulnerability within a third-party module known as IBC hooks, a crucial component facilitating cross-chain contract calls and token movements within the network, crypto researcher Rarma said in a recent post on X.
The breach led to the illicit transfer of assets, including USDC stablecoin and Astroport tokens.
Initial assessments suggest that approximately $5.28 million worth of tokens may have been compromised.
Terra Enacts Emergency Measures in Response to the Breach
In response to the breach, Terra deployed an emergency patch to address the suspected exploit and fortify its defenses against future attacks.
“We will be working with the validators on Terra to apply an emergency patch thereafter to remediate a suspected exploit,” affirmed Terra in a statement addressing the incident.
The vulnerability that was exploited had been identified several months prior and subsequently patched across the broader Cosmos ecosystem in April.
However, a subsequent upgrade on Terra in June inadvertently omitted this critical patch, leaving the platform vulnerable once more and paving the way for the nefarious activities that followed.
“Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC,” smart contract audit firm Beosin said in a post on X.
Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC.
The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks. The vulnerability was disclosed in April this year:https://t.co/CY39X28KyE https://t.co/hY9xA40hbJ
— Beosin Alert (@BeosinAlert) July 31, 2024
“There was a vulnerability in IBC hooks discovered by Composable Finance in April,” Zaki Manian, co-founder of Sommelier Finance, said.
He added that it was patched across Cosmos. Terra was patched then.
“It appears that Terra’s June upgrade did not include the patch. All the Axelar USDC bridged to Terra was stolen using the IBC hooks exploit. A large amount of ASTRO was also stolen.”
Terra was hard forked from the Terra Classic network following a major financial collapse in 2022, which was triggered by its algorithmic stablecoin, UST, losing its supposed peg to the US dollar.
At the time of writing, Terra has resumed block production.
The Terra chain has resumed block production at approximately 4:19 AM UTC today and the emergency chain upgrade is now complete.
Transactions are now being processed, and users may resume normal activities.
Validators holding over 67% of the voting power on Terra have upgraded…
— Terra Powered by LUNA (@terra_money) July 31, 2024
Crypto Market Recovers Over Half of Stolen Funds in Q2
The cryptocurrency market has shown great resilience in the face of adversity, achieving a record recovery rate of 77% for stolen funds in the second quarter of 2024.
In Q2 2024, $347.4 million of the stolen crypto funds were successfully recovered or frozen out of the total $512.9 million lost, according to Hacken’s Web3 Security Report Q2 2024.
“For the second consecutive quarter, the silver lining amid the alarming rate of theft in crypto is the amount of funds recovered,” the report wrote.
It is worth noting that cryptocurrency scams have thrived on X, with analysts attributing a significant portion of all crypto scams to scammers on the platform.
Scam Sniffer, a web3 anti-scam company present on X, conducted an analysis revealing that nearly $50 million is lost each month due to account impersonation on X.com.
Earlier, Binance co-founder Yi He raised concerns about the proliferation of cryptocurrency scams on X, questioning whether Musk would take action to tackle the issue.
The post Terra Blockchain Suffers Security Breach, With $5.28M in Estimated Losses appeared first on Cryptonews.