TL;DR
- Security Breach and Emergency Patch: Terra faced a major security breach, resulting in the theft of over $4 million worth of tokens. The attack exploited a reentrancy vulnerability in the timeout callback of ibc-hooks.
- Stolen Assets: The attacker took assets including: USDC: Approximately $3.5 million. USDT: $500,000. Bitcoin (BTC): 2.7 BTC. Astroport’s ASTRO: Over 60 million tokens
- Market Impact: ASTRO’s price plummeted by 56%, reaching an all-time low of $0.01314. Terra’s native token, LUNA, also dipped but settled at $0.3944 after briefly touching $0.385.
Terra, a popular blockchain platform, recently faced a major security breach resulting in the theft of over $4 million worth of various tokens. The incident, caused by an apparent reentrancy attack, prompted developers to temporarily pause network operations.
The Attack and Emergency Patch
The attack exploited a reentrancy vulnerability in the timeout callback of IBC-hooks, a critical component of Terra’s infrastructure. In response, Terra halted its blockchain at block height 11430400 to address the issue.
Validators, who collectively hold over 67% of voting power on the network, swiftly upgraded their nodes to prevent further exploitation. The emergency patch was successfully implemented at 04:19 UTC, allowing Terra to resume normal block production. However, the effect of the attack was significant.
The Terra chain has resumed block production at approximately 4:19 AM UTC today and the emergency chain upgrade is now complete.
Transactions are now being processed, and users may resume normal activities.
Validators holding over 67% of the voting power on Terra have upgraded…
— Terra 🌍 Powered by LUNA 🌕 (@terra_money) July 31, 2024
Stolen Assets
According to security firm Beosin, the attacker made off with the following assets:
- USDC: Approximately $3.5 million
- USDT: $500,000
- Bitcoin (BTC): 2.7 BTC
- Astroport’s ASTRO: Over 60 million tokens
Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC.
The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks. The vulnerability was disclosed in April this year:https://t.co/CY39X28KyE https://t.co/hY9xA40hbJ
— Beosin Alert (@BeosinAlert) July 31, 2024
Market Fallout
In the aftermath of the attack, the price of ASTRO plummeted by 56%, hitting an all-time low of $0.01314. Currently, ASTRO is trading at $0.0218, down more than 50% for the day. Terra’s native token, LUNA, also experienced a dip, settling at $0.3944 (a 2.7% decrease) after briefly touching $0.385.
Reentrancy Vulnerability Explained
Reentrancy is a common bug that allows malicious actors to repeatedly call a smart contract, tricking it into executing unintended actions. In this case, the attacker exploited the vulnerability to drain funds from bridged assets.
Terra’s History
Terra, also known as Terra 2.0, emerged as a hard fork from the original Terra Classic (LUNC) blockchain. The split occurred after the 2022 collapse of the Terra ecosystem, triggered by the failure of Terra’s algorithmic stablecoin, UST. The recent attack underscores the importance of robust security measures in the rapidly evolving crypto landscape.
