The Terra chain is grappling with a significant security breach that reportedly resulted in the theft of over $5 million in assets, including USDC and Astroport tokens, due to an unpatched vulnerability. On Wednesday, July 31, the Terra Luna chain temporarily halted operations following a suspected exploit. Terra's official account on X (formerly known as Twitter) announced the imminent halt at block height 11430400, leading to a cessation of all transactions as developers and validators worked to resolve the issue.

Inside The Latest Terra Hack

“Attention Terra users: Please be advised that the chain will be halted shortly at block height 11430400 and transactions will not be processed during this time,” the Terra team alerted its users. They raised concerns about a potential hack and assured that they were taking necessary steps to address the issue. The team added, “We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit.”

An unidentified attacker exploited a vulnerability in a third-party module known as IBC hooks, which is used for cross-chain contract interactions and token transfers. This exploit allowed the attacker to siphon value from bridged assets, impacting tokens such as the USD Coin (USDC) stablecoin and Astroport tokens. Preliminary assessments suggest that around $5 million in tokens were affected.

The announcement of the Terra hack led to a notable drop in the price of Terra Luna Classic (LUNC), which fell over 4% following the news. Despite the initial decline, LUNC managed a significant recovery. As of writing, the LUNC price dipped by 2.84% to $0.00008116 on Wednesday.

Stolen Assets Report

The Terra chain's security breach was due to an unpatched vulnerability, allowing the attacker to mint tokens that had been Inter-Blockchain Communication (IBC) transferred onto Terra. This exploit emerged amid critical deadlines for Terraform Labs' bankruptcy proceedings.

The attacker utilized a smart contract, an IBC call with IBC hooks, and a timeout mechanism to gain unauthorized access to these tokens. As a result, substantial amounts of assets, including 500,000 USDT and 2.7 BTC, were compromised. The Terra team is actively investigating the incident to understand the exploit's exact nature and to patch the vulnerability.

The exploit followed a specific sequence of actions: a smart contract was instantiated on the Terra blockchain, which was then called using an IBC transfer that timed out, allowing tokens to arrive in the exploiter’s account. Despite the exploiter’s wallet never receiving more than 56 LUNA and 7,800 USDC at a time, they managed to steal millions of dollars' worth of assets.

The Terra team is working diligently to unravel the intricacies of this exploit and to implement measures to prevent future occurrences.

$LUNC $LUNA #Terra #Terraform #Hack

Notice:

,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“