Terra Blockchain Resumes After Major Security Breach

By: Eva Baxter

The Terra blockchain has successfully resumed normal operations following a temporary halt implemented to address a significant security breach. This breach resulted in the theft of various digital assets, including USDC and Astroport tokens, valued at over $5 million in total.

The exploit leveraged a vulnerability in IBC-hooks, a third-party add-on designed to facilitate cross-chain contract interactions and token transfers through Inter-Blockchain Communication (IBC). Although Terra had previously patched this vulnerability in April, the fix was inadvertently reversed during a June update, exposing the network to the attack.

According to Cyvers Alert, a Web3 security firm, the attacker exploited a reentrancy vulnerability within the timeout callback of IBC hooks. Utilizing this vulnerability, the attacker managed to siphon off approximately $5 million worth of digital assets, including 60 million ASTRO tokens valued at around $1 million, 3.5 million USDC, 500,000 USDT, and 2.7 BTC, equivalent to roughly $178,000.

In response to the breach, Terra paused block production at block height 11,430,400 to implement an emergency patch. As of now, the vulnerability has been fixed, and network validators are in the process of updating their nodes to prevent similar exploits in the future. Terra stated, "Validators holding over 67% of the voting power on Terra have upgraded their nodes to prevent the exploit from recurring. More validators are expected to upgrade soon."

Despite these recovery efforts, the Astroport token (ASTRO) has experienced a dramatic decline, plunging by 62% in the last 24 hours to trade at $0.01775. The Cosmos-based liquidity protocol linked the decline in its token price to the IBC vulnerability, which allowed the attacker to mint several tokens on the Terra chain. While planning for further steps, the team at Astroport acknowledged that their token became collateral damage due to its meaningful liquidity on Terra.