Terra blockchain restarts but crashes ASTRO token by 60%; Here’s what we know

Terra blockchain was exploited on July 31, leading to a temporary halt in its operations. It has now restarted but concerns erupt from the vulnerability that was exploited. The attacker reportedly exploited a previously known flaw in the system, resulting in the theft of approximately 60 million ASTRO among other tokens.

Some early estimates believe the attack led to over $4 million in losses. Meanwhile, Terra said that an emergency patch was applied at block height 11430400.

Terra network exploit impacts ASTRO

On the morning of July 31, Terra blockchain announced that it was temporarily halting operations. It was revealed that the chain was attacked which led to the theft of around 60 million ASTRO, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. Terra applied an emergency patch at block height 11430400. Reportedly, the attacker took advantage of a previous vulnerability in their system. Despite that, the Astroport protocol that is used for liquidity on the Cosmos network seems to be the biggest victim in the $4 million reported exploit.

ASTRO token dipped over 60% in value after the attack. At the time of writing, the price stands at $0.023 on CoinGecko, down 50%.

As per Andres Monty, co-founder of Range security, the vulnerability was identified and fixed in the past. Monty suggests that IBC Rate Limits could have helped prevent the issue. Rate limits are known to control the speed and amount of transactions, which can potentially stop malicious activities.

Some quick thoughts on the Terra IBC Hooks exploit:
1. This exploits a known and previously patched vulnerability.
2. This is not the time to point fingers but to investigate the move of funds and aim to recover them.
3. IBC Rate Limits would have mitigated the issue!!!

We're…

— monty (@aesmonty) July 31, 2024

Terra blockchain restarts after exploitation

The exploit is dubbed “reentrancy vulnerability” and was reportedly found in the timeout callback of IBC-hooks. Generally, the loophole can let hackers repeatedly call a function within the system before the previous function call is finished. The process enables attackers to manipulate the system and steal funds, a cyber flaw that was discussed in April.

So yes, appears this is the IBC hooks exploit from back in April.https://t.co/GiozhuQ5n0

Terra isn't patched, which allowed the exploit to occur.

The exploiter could mint tokens that had been IBC transferred onto Terra by utilising a contract, IBC call (with IBC hooks), and a… https://t.co/iD4TIgTufX pic.twitter.com/fUgzInWKiv

— Rarma (@Rarma_) July 31, 2024

 

The vulnerability, labeled ASA-2024-007, affects several versions of the IBC-go software. The software is used in chains that support IBC (Inter-Blockchain Communication) and allows code uploads for smart contracts. Developers and maintainers often rush to update their systems to the latest patched versions of IBC-go to deal with similar attacks.

As per the official update, “Validators holding over 67% of the voting power on Terra have upgraded their nodes to prevent the exploit from recurring.”

At press time, Terra blockchain has restarted normal processes after the attack halted the chain for several hours. Terra has also confirmed that the emergency chain upgrade has concluded.