According to a report by "The Block", the Layer 1 blockchain Terra suffered a security attack, resulting in the theft of tokens. An unknown attacker exploited a known vulnerability related to third-party mod IBC hooks to extract value from bridge assets, including the U.S. dollar stablecoin USDC and Cosmos ecosystem trading protocol Astroport Finance’s ASTRO token.
The Astroport protocol discovered on Wednesday (31st) that an IBC vulnerability appeared to be exploited, and the attacker minted several tokens on the Terra chain, including ASTRO. According to estimates from security firm Beosin, more than $4 million worth of tokens were affected. Meanwhile, ASTRO’s coin price fell by 60% following the incident.
Following the discovery of this attack, Terra took emergency measures to prevent further damage and ensure that no further tokens were stolen while the vulnerability was addressed. Terra coordinated with its validators to apply an emergency patch to address the dangerous vulnerability. Terra stated on the social platform this afternoon that the Terra chain has resumed block output, the emergency chain upgrade has now been completed, transactions are being processed, and users can resume normal activities.
The Terra chain has resumed block production at approximately 4:19 AM UTC today and the emergency chain upgrade is now complete.Transactions are now being processed, and users may resume normal activities.Validators holding over 67% of the voting power on Terra have upgraded…
— Terra Powered by LUNA (@terra_money) July 31, 2024
IBC hooks reportedly facilitate cross-chain contract calls and token transfers. Zaki Manian, co-founder of Sommelier Protocol, explained that the relevant vulnerability was discovered a few months ago and the entire Cosmos ecosystem was fixed in April. However, an upgrade of Terra in June did not include this patch, resulting in vulnerability exposure and subsequent exploitation. Manian told The Block:
"Terra's June upgrade does not appear to have included the patch. All Axelar USDC bridged to Terra were stolen using the IBC hooks vulnerability, and a large amount of ASTRO was also stolen."
Source
