KEY POINTS
- Terra said it was shutting down the chain Wednesday without explaining whether user funds were affected
- Beosin, which first confirmed the exploit, said the attacker targeted a vulnerability disclosed about 3 months back
- Some outlets said the exploit resulted in $4 million in losses, while others said up to $6 million was lost
Exploiters attacked the Terra blockchain on Wednesday, wiping out millions in cryptocurrencies. The network had to be paused briefly due to the exploit, which saw four specific tokens affected.
Terra announces brief shutdown
Terra announced Wednesday that the blockchain will be shut down and transactions will not be processed. "We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit," the network said. It did not provide further details about the suspected breach.
📣Attention Terra users: Please be advised that the chain will be halted shortly at block height 11430400 and transactions will not be processed during this time.
— Terra 🌍 Powered by LUNA 🌕 (@terra_money) July 31, 2024
We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a…
On-chain security firm reveals exploit
About three hours later, blockchain security firm Beosin revealed that the Terra blockchain was "exploited." The network lost 60 million $ASTRO tokens, 3.5 million $USDC stablecoins, 500,000 Tether ($USDT) coins, and 2.7 Bitcoin, as per Beosin.
Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC.
— Beosin Alert (@BeosinAlert) July 31, 2024
The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks. The vulnerability was disclosed in April this year:https://t.co/CY39X28KyE https://t.co/hY9xA40hbJ
It further revealed that the hacker "exploited a reentrancy vulnerability in the timeout callback of ibc-hooks," with the vulnerability having been disclosed back in April. Beosin's note means that the issue was already present for several months before Wednesday's attack.
Terra resumes operations
The blockchain later posted that it has resumed block production and an "emergency" upgrade on the chain has been completed. It said users can resume "normal activities."
The Terra chain has resumed block production at approximately 4:19 AM UTC today and the emergency chain upgrade is now complete.
— Terra 🌍 Powered by LUNA 🌕 (@terra_money) July 31, 2024
Transactions are now being processed, and users may resume normal activities.
Validators holding over 67% of the voting power on Terra have upgraded…
Terra still did not reveal what exactly happened, how much was lost, and whether the attacker has been identified, or if the network was working with experts regarding the issue. The developers have yet to reveal whether user funds were affected or not.
$ASTRO plummets
The $ASTRO crypto token plunged by 60% Wednesday following the exploit, as per PeckShield, another on-chain security firm.
#PeckShieldAlert #slippage $ASTRO Astroport has dropped -60%https://t.co/PtDpHon3kp pic.twitter.com/65Ayl9Wz3j
— PeckShieldAlert (@PeckShieldAlert) July 31, 2024
CoinDesk reports that the exploit resulted in total losses of $4 million, while other outlets said the attack wiped out around $6 million worth of the four cryptocurrencies affected.
A Terra flashback
Terra ($LUNA) is a hard fork spinoff from the original blockchain, Terra Classic ($LUNC), which was affected by the shocking collapse of the Terra ecosystem in 2022.
Crypto threat actors evolving
The latest exploit in the crypto space comes after the industry lost over $251 million to security-related hacks and exploits in the week of July 15-21. The said week's biggest loss was suffered by WazirX, a crypto exchange titan India that lost $230 million after one of its multisig wallets was breached by bad actors.
An expert said there is an ongoing "exploit trend" in the sector even as most companies are hard at work in improving their security measures. Threat actors are also evolving their exploits and scams, solidifying the notion that Web3 ecosystem remains vulnerable to security breaches.
