Terra Blockchain Shut Down After $4M Hack Exposed Vulnerability

On Wednesday, Terra developers temporarily halted network operations due to a reentry attack, which resulted in the theft of over $4 million in various tokens from the blockchain. The network was paused at block 11430400 to deploy an emergency patch that addressed the vulnerability. The fix was completed by 04:19 UTC, with validators, who are responsible for supporting the network, upgrading their nodes to prevent future exploits. Over 67% of Terra’s voting power supported this update, ensuring the stability and security of the network.

Attack Details

Security firm Beosin reported that the attack resulted in the theft of $3.5 million in USDC stablecoin, $500,000 in USDT stablecoin, 2.7 bitcoin (BTC), and over 60 million ASTRO tokens from Astroport. Beosin explained that the attacker exploited a reentrancy vulnerability in the ibc-hooks callback timeout, a vulnerability that was disclosed in April. This type of bug allows exploiters to fool a smart contract by repeatedly calling a protocol to steal assets, thereby authorizing the smart contract address to interact with a user’s wallet address.

Impact on tokens and market reaction

ASTRO, the native token of Cosmos liquidity protocol Astroport, has seen a significant decline following the attack. CoinGecko data showed ASTRO down 56%. Meanwhile, Terra’s Luna Classic (LUNC) token has seen a 3.4% decline over the past 24 hours. The exploit caused ASTRO’s price to drop sharply from $0.046 to a low of $0.013, although it has since recovered to above $0.02 as efforts to fix the vulnerability continue.

Response from Terra and Astroport teams

On July 31, the Terra blockchain announced a temporary halt in operations at block 11430400 and informed users of the downtime via a post on X. The Astroport team confirmed the incident, attributing it to an IBC vulnerability. They noted that the exploit appeared to have been used to mint several tokens on the Terra chain, including ASTRO. With the blockchain down, no further tokens could be minted, limiting the extent of the damage.

See more

IBC, or inter-blockchain communication protocol, is an open-source protocol that enables authentication and data transfer across multiple chains. This protocol allows users to access various decentralized applications and services across multiple blockchains. The Terra chain shutdown was prompted by a report from blockchain security firm Cyvers, which revealed that 60 million ASTRO tokens had been stolen in the exploit. Other tokens were also affected, including 3.5 million USDC, 2.7 BTC, and 500,000 USDT.

See more

Efforts underway to secure the network

The sharp drop in ASTRO’s price highlighted the market’s reaction to the exploit. The token’s price initially plummeted, but has since shown some recovery as the teams involved work diligently to patch the vulnerability. The joint efforts of Terra developers, validators, and the Astroport team aim to restore confidence in the network’s security and prevent similar incidents in the future.

Ensuring future security

The reentrancy attack on Terra highlights the importance of robust security measures in blockchain technology. By exploiting a known vulnerability, the attacker was able to cause significant financial damage and disrupt network operations. The rapid response from Terra and its partners highlights their commitment to maintaining a secure and reliable blockchain environment. Going forward, continued vigilance and continuous improvement of security protocols will be essential to protect against similar threats and ensure the stability of blockchain ecosystems.

Fuente