Terra Blockchain Suffers Security Breach, With $5.28M in Estimated Losses

cryptonews.com:

The Terra blockchain suffered a security breach that resulted in the unauthorized access and theft of millions of tokens.

The exploit targeted a vulnerability within a third-party module known as IBC hooks, a crucial component facilitating cross-chain contract calls and token movements within the network, crypto researcher Rarma said in a recent post on X.

The breach led to the illicit transfer of assets, including USDC stablecoin and Astroport tokens.

Initial assessments suggest that approximately $5.28 million worth of tokens may have been compromised.

In response to the breach, Terra deployed an emergency patch to address the suspected exploit and fortify its defenses against future attacks.

“We will be working with the validators on Terra to apply an emergency patch thereafter to remediate a suspected exploit,” affirmed Terra in a statement addressing the incident.

The vulnerability that was exploited had been identified several months prior and subsequently patched across the broader Cosmos ecosystem in April.

However, a subsequent upgrade on Terra in June inadvertently omitted this critical patch, leaving the platform vulnerable once more and paving the way for the nefarious activities that followed.

“Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC,” smart contract audit firm Beosin said in a post on X.

Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC.

The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks. The vulnerability was disclosed in April this year:https://t.co/CY39X28KyE https://t.co/hY9xA40hbJ

— Beosin Alert (@BeosinAlert) July 31, 2024

“There was a vulnerability in IBC hooks discovered by Composable Finance in