Get all your news in one place.
100’s of premium titles.
One app.
Start reading
International Business Times
International Business Times
Business
Marvie Basilan

Terra Blockchain Exploit: Millions Drained Due To Vulnerability Uncovered In April

The Terra blockchain was exploited Wednesday, but Terra has yet to provide a detailed report on how the attack was carried out. (Credit: Bybit/flickr.com)

KEY POINTS

  • Terra said it was shutting down the chain Wednesday without explaining whether user funds were affected
  • Beosin, which first confirmed the exploit, said the attacker targeted a vulnerability disclosed about 3 months back
  • Some outlets said the exploit resulted in $4 million in losses, while others said up to $6 million was lost

Exploiters attacked the Terra blockchain on Wednesday, wiping out millions in cryptocurrencies. The network had to be paused briefly due to the exploit, which saw four specific tokens affected.

Terra announces brief shutdown

Terra announced Wednesday that the blockchain will be shut down and transactions will not be processed. "We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit," the network said. It did not provide further details about the suspected breach.

On-chain security firm reveals exploit

About three hours later, blockchain security firm Beosin revealed that the Terra blockchain was "exploited." The network lost 60 million $ASTRO tokens, 3.5 million $USDC stablecoins, 500,000 Tether ($USDT) coins, and 2.7 Bitcoin, as per Beosin.

It further revealed that the hacker "exploited a reentrancy vulnerability in the timeout callback of ibc-hooks," with the vulnerability having been disclosed back in April. Beosin's note means that the issue was already present for several months before Wednesday's attack.

Terra resumes operations

The blockchain later posted that it has resumed block production and an "emergency" upgrade on the chain has been completed. It said users can resume "normal activities."

Terra still did not reveal what exactly happened, how much was lost, and whether the attacker has been identified, or if the network was working with experts regarding the issue. The developers have yet to reveal whether user funds were affected or not.

$ASTRO plummets

The $ASTRO crypto token plunged by 60% Wednesday following the exploit, as per PeckShield, another on-chain security firm.

CoinDesk reports that the exploit resulted in total losses of $4 million, while other outlets said the attack wiped out around $6 million worth of the four cryptocurrencies affected.

A Terra flashback

Terra ($LUNA) is a hard fork spinoff from the original blockchain, Terra Classic ($LUNC), which was affected by the shocking collapse of the Terra ecosystem in 2022.

Crypto threat actors evolving

The latest exploit in the crypto space comes after the industry lost over $251 million to security-related hacks and exploits in the week of July 15-21. The said week's biggest loss was suffered by WazirX, a crypto exchange titan India that lost $230 million after one of its multisig wallets was breached by bad actors.

An expert said there is an ongoing "exploit trend" in the sector even as most companies are hard at work in improving their security measures. Threat actors are also evolving their exploits and scams, solidifying the notion that Web3 ecosystem remains vulnerable to security breaches.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.