Terra Blockchain Hack And Outage: What Happened?

The Terra blockchain has suffered a significant breach involving a complex exploit that resulted in the theft of approximately $5 million in assorted cryptocurrencies.

The Terra blockchain was breached on Monday, with an attacker exploiting a vulnerability to pilfer a total of 60 million ASTRO tokens, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. The specific exploit used in the attack was identified by security researcher Rarma (@Rarma_), who confirmed via X, “So yes, it appears this is the IBC hooks exploit from back in April.”

The vulnerability, which was discovered but not patched earlier this year, allowed the attacker to manipulate the IBC transfer process, minting tokens on Terra using the exploited mechanism, and then transferring them off the platform.

“Terra isn’t patched, which allowed the exploit to occur. The exploiter could mint tokens that had been IBC transferred onto Terra by utilizing a contract, IBC call (with IBC hooks), and a timeout. 3.5 Million axlUSDC, 500k USDT, 2.7BTC, 60m ASTRO tokens. Terra and Neutron IBC relayer need to stop,” Rarma added.

The researcher further clarified that “the IBC’d Assets were ‘re-minted’ with this exploit into the hacker’s wallet. They then IBC Transferred them OUT. The ‘minted’ tokens were ‘burnt’ on the way out. So, from a Chain, IBC and Relayer perspective, the exploited amounts of these tokens technically don’t exist on Terra anymore. The TVL for these tokens is completely fake.”

The hacker already exited his stolen assets, not via Cosmos, but by bridging them back to Ethereum and swapping them for Ether (ETH).

In response to the security breach, the development team acted quickly, halting the blockchain to prevent further exploitation. The halt was announced to the community with specific details: “Please be advised that the chain will be halted shortly at block height 11430400 and transactions will not be processed during this time. We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit.”

Approximately four hours after the halt, the dev team deployed an emergency patch to rectify the exploited vulnerability and to reinforce the blockchain’s defenses. The update was crucial in resuming normal blockchain activities: “The Terra chain has resumed block production at approximately 4:19 AM UTC today, and the emergency chain upgrade is now complete. Transactions are now being processed, and users may resume normal activities. Validators holding over 67% of the voting power on Terra have upgraded their nodes to prevent the exploit from recurring. More validators are expected to upgrade soon.”

The above is the detailed content of Terra Blockchain Hack And Outage: What Happened?. For more information, please follow other related articles on the PHP Chinese website!