Terra blockchain has suffered a significant security exploit, resulting in the theft of tokens valued at over $4 million. The attack exploited a known vulnerability in a third-party module called IBC hooks, which is designed to facilitate cross-chain contract calls and token transfers.
An unknown attacker took advantage of this vulnerability to drain value from various bridged assets, including the USDC stablecoin and ASTRO tokens from Astroport Finance. According to security firm Beosin, the total impact exceeds $4 million. The incident also caused the price of ASTRO tokens to plummet by 60%.
In response to the breach, Terra implemented emergency measures to halt further losses and safeguard remaining assets. The blockchain’s validators coordinated with Terra to apply an emergency patch to address the exploit. “We will be working with the validators on Terra to apply an emergency patch thereafter to remediate a suspected exploit,” Terra stated.
The vulnerability was initially identified and patched across the Cosmos ecosystem in April. However, Terra’s upgrade in June failed to include this crucial patch, leaving the network exposed to the exploit. Zaki Manian, co-founder of Sommelier Protocol, provided insight into the situation: “There was a vulnerability in IBC hooks discovered by Composable Finance in April. It was patched across Cosmos. Terra was patched then. It appears that Terra’s June upgrade did not include the patch. All the Axelar USDC bridged to Terra was stolen using the IBC hooks exploit. A large amount of ASTRO was also stolen.”
