The Terra blockchain faced an exploitation incident on July 31, resulting in a temporary halt in operations. Despite the restart, concerns linger regarding the exploited vulnerability. This exploit involved the theft of approximately 60 million ASTRO tokens among other assets. Early estimates suggest losses exceeding $4 million. An emergency patch was swiftly applied by Terra at block height 11430400.
Impact on ASTRO Tokens
On the morning of July 31, Terra blockchain temporarily suspended operations due to a cyber-attack resulting in the theft of 60 million ASTRO tokens, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. The emergency patch deployed by Terra at block height 11430400 aimed to address the exploit. The attacker capitalized on a previously identified vulnerability within the system. The Astroport protocol, utilized for Cosmos network liquidity, bore the brunt of the reported $4 million exploit.
Following the attack, the value of ASTRO tokens plummeted by over 60%, currently resting at $0.023 on CoinGecko, marking a 50% decrease.
Addressing the Vulnerability
The vulnerability, described as a "reentrancy vulnerability," was discovered in the timeout callback of IBC-hooks. This vulnerability enables hackers to repeatedly call a function within the system before the prior function call concludes, facilitating fund manipulation and theft. The cyber flaw was initially discussed in April and was exploited due to Terra's unpatched system.
Measures for Future Security
The exploitation, labeled ASA-2024-007, impacts various versions of the IBC-go software used in chains supporting Inter-Blockchain Communication (IBC). Developers and maintainers are advised to promptly update to patched patched versions of IBC-go to mitigate similar risks. Terra blockchain has resumed normal operations after several hours of disruption following the attack. Validators holding the majority of voting power on Terra have upgraded their nodes to prevent future exploitations.
The emergency chain upgrade, as confirmed by Terra, has been successfully implemented.
Comments