Terra Blockchain Exploit: Millions Drained Due To Vulnerability Uncovered In April
KEY POINTS
- Terra said it was shutting down the chain Wednesday without explaining whether user funds were affected
- Beosin, which first confirmed the exploit, said the attacker targeted a vulnerability disclosed about 3 months back
- Some outlets said the exploit resulted in $4 million in losses, while others said up to $6 million was lost
Exploiters attacked the Terra blockchain on Wednesday, wiping out millions in cryptocurrencies. The network had to be paused briefly due to the exploit, which saw four specific tokens affected.
Terra announces brief shutdown
Terra announced Wednesday that the blockchain will be shut down and transactions will not be processed. "We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit," the network said. It did not provide further details about the suspected breach.
On-chain security firm reveals exploit
About three hours later, blockchain security firm Beosin revealed that the Terra blockchain was "exploited." The network lost 60 million $ASTRO tokens, 3.5 million $USDC stablecoins, 500,000 Tether ($USDT) coins, and 2.7 Bitcoin, as per Beosin.
It further revealed that the hacker "exploited a reentrancy vulnerability in the timeout callback of ibc-hooks," with the vulnerability having been disclosed back in April. Beosin's note means that the issue was already present for several months before Wednesday's attack.
Terra resumes operations
The blockchain later posted that it has resumed block production and an "emergency" upgrade on the chain has been completed. It said users can resume "normal activities."
Terra still did not reveal what exactly happened, how much was lost, and whether the attacker has been identified, or if the network was working with experts regarding the issue. The developers have yet to reveal whether user funds were affected or not.
$ASTRO plummets
The $ASTRO crypto token plunged by 60% Wednesday following the exploit, as per PeckShield, another on-chain security firm.
CoinDesk reports that the exploit resulted in total losses of $4 million, while other outlets said the attack wiped out around $6 million worth of the four cryptocurrencies affected.
A Terra flashback
Terra ($LUNA) is a hard fork spinoff from the original blockchain, Terra Classic ($LUNC), which was affected by the shocking collapse of the Terra ecosystem in 2022.
Crypto threat actors evolving
The latest exploit in the crypto space comes after the industry lost over $251 million to security-related hacks and exploits in the week of July 15-21. The said week's biggest loss was suffered by WazirX, a crypto exchange titan India that lost $230 million after one of its multisig wallets was breached by bad actors.
An expert said there is an ongoing "exploit trend" in the sector even as most companies are hard at work in improving their security measures. Threat actors are also evolving their exploits and scams, solidifying the notion that Web3 ecosystem remains vulnerable to security breaches.
© Copyright IBTimes 2024. All rights reserved.