Terra Blockchain Experiences Security Incident, Resulting in Estimated Losses of $5.28 Million

The Terra blockchain experienced a security incident that led to unauthorized access and the theft of millions of tokens.

The exploit focused on a vulnerability within a third-party module referred to as IBC hooks, which is an essential element that enables cross-chain contract interactions and token transfers within the network, as noted by crypto researcher Rarma in a recent post on X.

This breach resulted in the unlawful transfer of assets, including USDC stablecoin and Astroport tokens.

Preliminary evaluations indicate that around $5.28 million worth of tokens may have been affected.

Terra Implements Emergency Actions Following the Breach

In light of the breach, Terra introduced an emergency patch to rectify the suspected exploit and strengthen its defenses against potential future attacks.

“We will collaborate with the validators on Terra to implement an emergency patch thereafter to address a suspected exploit,” Terra stated in a communication regarding the incident.

The vulnerability that was taken advantage of had been recognized several months earlier and was subsequently patched across the wider Cosmos ecosystem in April.

However, a later upgrade on Terra in June inadvertently excluded this vital patch, leaving the platform exposed once again and facilitating the malicious activities that ensued.

“Terra blockchain was exploited for approximately 60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC,” reported smart contract audit firm Beosin in a post on X.

Terra blockchain was exploited for approximately 60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC.

The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks. The vulnerability was disclosed in April this year: https://t.co/CY39X28KyE https://t.co/hY9xA40hbJ

— Beosin Alert (@BeosinAlert) July 31, 2024

“There was a vulnerability in IBC hooks identified by Composable Finance in April,” stated Zaki Manian, co-founder of Sommelier Finance.

He noted that it was patched throughout Cosmos. Terra was patched at that time.

“It appears that Terra’s June upgrade did not incorporate the patch. All the Axelar USDC bridged to Terra was stolen using the IBC hooks exploit. A significant amount of ASTRO was also taken.”

Terra was hard forked from the Terra Classic network following a significant financial collapse in 2022, which was instigated by its algorithmic stablecoin, UST, losing its intended peg to the US dollar.

As of this writing, Terra has resumed block production.

The Terra chain has resumed block production at approximately 4:19 AM UTC today, and the emergency chain upgrade is now complete.

Transactions are currently being processed, and users may return to normal activities.

Validators holding over 67% of the voting power on Terra have upgraded…

— Terra Powered by LUNA (@terra_money) July 31, 2024

Crypto Market Recovers More Than Half of Stolen Funds in Q2

The cryptocurrency market has demonstrated significant resilience in challenging times, achieving a record recovery rate of 77% for stolen funds in the second quarter of 2024.

In Q2 2024, $347.4 million of the stolen crypto assets were successfully recovered or frozen out of the total $512.9 million lost, according to Hacken’s Web3 Security Report Q2 2024.

“For the second consecutive quarter, the silver lining amid the alarming rate of theft in crypto is the amount of funds recovered,” the report stated.

It is important to note that cryptocurrency scams have proliferated on X, with analysts attributing a substantial portion of all crypto scams to scammers on the platform.

Scam Sniffer, a web3 anti-scam organization active on X, conducted an analysis revealing that nearly $50 million is lost each month due to account impersonation on X.com.

Previously, Binance co-founder Yi He expressed concerns regarding the rise of cryptocurrency scams on X, questioning whether Musk would take measures to address the issue.

The post Terra Blockchain Suffers Security Breach, With $5.28M in Estimated Losses appeared first on Cryptonews.