On July 31, Terra’s blockchain suffered a serious exploit that led to a temporary suspension of its operations. The vulnerability has since been addressed and the blockchain has restarted, but concerns remain about the exploited flaw.
The attack led to the theft of approximately 60 million ASTRO tokens and other cryptocurrencies.
Impact on Terra network
On the morning of July 31, Terra Blockchain announced a temporary halt in its operations following an exploit. The breach resulted in the theft of about 60 million ASTRO tokens, 3.5 million USDC, 500,000 USDT, and 2.7 BTC.
Terra applied an emergency patch at block height 11430400 to address the issue. The attacker exploited a previously identified vulnerability in the system. The Astroport protocol, used for liquidity on the Cosmos network, was significantly impacted, contributing to the estimated $4 million in losses.
ASTRO token value plummets
The ASTRO token’s value dropped by over 60% following the attack. At the time of writing, the token’s price is $0.023 on CoinGecko, marking a 50% decline. Andres Monty, co-founder of Range Security, noted that the vulnerability had been identified and fixed in the past. Monty suggested that implementing IBC Rate Limits could have prevented the exploit.
ASTRO token dips | Source: CoinGecko
These rate limits control transaction speed and volume, potentially stopping malicious activities. The exploited flaw, a “reentrancy vulnerability,” was found in the timeout callback of IBC-hooks. A flaw of this kind lets an attacker call a function again before the previous call has completed, which makes it possible to manipulate the system and steal funds.
The vulnerability, labeled ASA-2024-007, affects several versions of the IBC-go software. This software is used in chains that support Inter-Blockchain Communication (IBC) and allow code uploads for smart contracts. Developers and maintainers often move quickly to update their systems to the latest patched versions of IBC-go to mitigate similar attacks.
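The reentrancy pattern described above, reduced to a toy Go model of a timeout refund (an added example, not code from IBC-go, IBC-hooks or Terra; the `Escrow` type, the `Hook` callback, the account name and the amounts are assumptions made for illustration). The unsafe handler clears the pending packet only after the callback returns, while the safe one clears it first.

```go
package main

import "fmt"

// Escrow is a toy model (hypothetical, not ibc-go) of funds held per packet.
type Escrow struct {
	pending  map[uint64]int64 // packet sequence -> escrowed amount
	balances map[string]int64 // refunded funds per account
	depth    int              // hook invocations so far
}

type Hook func(e *Escrow, seq uint64) // contract callback run on packet timeout

// TimeoutUnsafe clears the packet only after the hook returns, so a re-entrant call refunds again.
func (e *Escrow) TimeoutUnsafe(seq uint64, to string, hook Hook) {
	if amt, ok := e.pending[seq]; ok {
		e.balances[to] += amt
		hook(e, seq)
		delete(e.pending, seq)
	}
}

// TimeoutSafe updates state before the external call, so re-entry finds nothing to refund.
func (e *Escrow) TimeoutSafe(seq uint64, to string, hook Hook) {
	if amt, ok := e.pending[seq]; ok {
		delete(e.pending, seq)
		e.balances[to] += amt
		hook(e, seq)
	}
}

// Simulate times out one constructed packet (seq 1, 100 units) with a hook that re-enters 3 times.
func Simulate(safe bool) int64 {
	e := &Escrow{pending: map[uint64]int64{1: 100}, balances: map[string]int64{}}
	handler := e.TimeoutUnsafe
	if safe {
		handler = e.TimeoutSafe
	}
	var hook Hook
	hook = func(e *Escrow, seq uint64) {
		if e.depth++; e.depth <= 3 {
			handler(seq, "sender", hook)
		}
	}
	handler(1, "sender", hook)
	return e.balances["sender"] // total refunded for a 100-unit escrow
}

func main() { fmt.Println("unsafe:", Simulate(false), "safe:", Simulate(true)) }
```

With the constructed packet, the unsafe handler refunds 400 units against a 100-unit escrow, while the safe handler refunds exactly 100.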
Terra blockchain restarts
According to the official update, validators holding over 67% of the voting power on Terra upgraded their nodes to prevent the exploit from recurring. At press time, the Terra blockchain has resumed normal operations after being halted for several hours. Terra has confirmed the completion of the emergency chain upgrade. Terra’s response to the exploit involved immediately patching the vulnerability and preventing further attacks.
The blockchain community is now focused on ensuring such incidents do not recur. Additional security measures, like IBC Rate Limits, may help prevent future exploits. The incident underscores the importance of ongoing vigilance and rapid response to vulnerabilities in blockchain systems. The Terra blockchain has restarted after a significant exploit, but the ASTRO token has suffered a 60% drop in value. The community’s efforts to address and prevent future vulnerabilities will be crucial in maintaining the network’s security and stability.