Attackers exploited vulnerabilities related to IBC hooks to steal approximately $3 million in tokens on the Terra blockchain.
Odaily reports that the Terra blockchain has reported a security vulnerability on its network. An unknown attacker exploited a known vulnerability related to the third-party module IBC hooks, which is used for cross-chain contract calls and token transfers. The attacker used this vulnerability to steal funds from the bridged assets, including USDC and Astroport tokens. Preliminary estimates indicate that approximately $3 million worth of tokens may have been affected. After discovering the incident, Terra implemented emergency measures to prevent further damage and ensure that no additional tokens are stolen during the resolution of the vulnerability. It is reported that the vulnerability was discovered several months ago and was patched across the Cosmos ecosystem in April. However, Zaki Manian, the co-founder of Sommelier Finance, explained that Terra's upgrade in June did not include this patch, leading to the subsequent attack. Earlier today, Terra tweeted that the Terra chain has temporarily halted at block height 11430400, during which time no transactions will be processed. Terra will work with validators on the Terra (phoenix-1) chain to subsequently apply an emergency patch to fix the suspected vulnerability.
