Terra Blockchain briefly halted after IBC caught a token-stealing exploiter

An attacker exploited an IBC hook vulnerability reported in April to exploit the Terra blockchain.

Published on July 31, 2024 at 5:11 AM EST.

On Tuesday, the Terra blockchain halted block production for about four hours to fix an exploit that resulted in the theft of millions of dollars worth of tokens.

The Terra team announced that block production would be halted in a post on X, stating that no transactions would be processed until validators deployed an emergency patch to address a suspected exploit.

Blockchain Security Company Beosin valued that the exploiter had stolen approximately 60 million ASTRO, 3.5 million USDC, 500,000 USDT, and 2.7 BTC, the total value of which exceeded $4 million at the time of the exploit. However, the value of ASTRO dropped by 55% to $0.02084.

Users following the flow of funds found that the activity resembled an IBC hooks exploit reported in April. IBC hooks is a third-party module used to allow ICS-20 token transfers to initiate contract calls.

This exploit would allow the attacker to mint tokens by exploiting the flaw in the contract in the hacker’s wallet. A user who tracked the hacker’s onchain activity found that the hacker had linked the stolen assets back to ETH.

IBC-enabled chains deployed a patch for the vulnerability when it was reported earlier this year. Although Terra was one of those chains, Sommelier Protocol’s Zaki Manian said The block which Terra developers forgot to include in a more recent June update.

“All Axelar USDC connected to Terra was stolen using the IBC hook exploit. A large amount of ASTRO was also stolen,” he said.

The Terra blockchain resumed producing blocks shortly after midnight ET after implementing an emergency fix.

Fuente