Beosin: Analysis of the Vulnerability Cause of the Terra Chain Incident
According to Beosin Alert's monitoring, the Terra chain has been temporarily suspended due to an emergency upgrade. It appears that someone used an IBC vulnerability to mint multiple tokens on the Terra chain, including ASTRO. The Beosin security team's analysis found that, after instantiating a contract on Terra, the attacker used a reentrancy vulnerability in the ibc-hooks timeout callback to transfer approximately 60 million ASTRO, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. The vulnerability, which is in the Cosmos core library, was disclosed in April this year, but Terra did not fix it.